Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Problem starting wow.dll" on right-click in Win Explorer


  • This topic is locked This topic is locked
14 replies to this topic

#1 dewmangolf

dewmangolf

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 31 August 2013 - 01:22 PM

A modal popup reads:

 

There was a problem starting C:\Users\Dewey\AppData\Local\Temp\smwcuse\svnjuds\wow.dll

 

I also have a malware that keeps replacing google.com as my default home page in IE10.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.21.2
Run by Dewey at 13:08:34 on 2013-08-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12112.8790 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\system32\HPSIsvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe
C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Dewey\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
C:\Users\Dewey\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
R:\140066.enu\Office14\WINWORDC.EXE
R:\140066.enu\Office14\OffSpon.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: BrowserPlus2 Toolbar: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
mURLSearchHooks: BrowserPlus2 Toolbar: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
mWinlogon: Userinit = userinit.exe
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: LinkSwift: {323420b6-65e5-4657-8106-a27392d4d4aa} - C:\Program Files (x86)\LinkSwift\LinkSwiftbho.dll
BHO: BrowserPlus2 Toolbar: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Fast Free Converter 4.1: {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: BrowserPlus2 Toolbar: {650598E1-B35A-45D3-B607-896D7ACB64C3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: BrowserPlus2 Toolbar: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
uRun: [FreeScreenSharing] "C:\Users\Dewey\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe"
uRun: [SearchProtect] C:\Users\Dewey\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [ConduitFloatingPlugin_iigplimlmgilpobjilfbfeilnpiigpgl] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3309350\plugins\TBVerifier.dll",RunConduitFloatingPlugin iigplimlmgilpobjilfbfeilnpiigpgl
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Power Manager Power Agenda] C:\PROGRA~2\ThinkPad\UTILIT~1\DPMHost.exe
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\Dewey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{81343295-7EA4-47A8-956F-2CEFC9CACB0D} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=   
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&CUI=UN25627363292861412&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BrowserPlus2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN25627363292861412&UM=2&UP=SP8F947234-742B-495B-8225-A914B2B9CB74
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN25627363292861412&UM=2&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-14 11:53; {740B3FD5-4483-469D-BE7F-8555B153BD04}; C:\Program Files (x86)\Mozilla Firefox\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-5-8 97056]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2013-7-29 193024]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-13 27136]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2011-7-3 126520]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-30 13336]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2013-6-10 84624]
R2 MsDtsServer110;SQL Server Integration Services 11.0;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [2012-12-29 218600]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-5-30 70968]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-10-20 2423792]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-30 2656280]
R2 Update LinkSwift;Update LinkSwift;C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe [2013-8-26 206624]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-4-13 84088]
R2 VisualSVNServer;VisualSVN Server;C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2011-6-1 24424]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-30 317440]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2012-2-11 49752]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2010-9-28 41536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2011-7-3 20480]
S3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [2012-2-11 137304]
S3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [2012-2-11 342104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-2 1255736]
S4 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-5-20 20549]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-8-15 61976]
S4 RsFx0102;RsFx0102 Driver;C:\Windows\System32\drivers\RsFx0102.sys [2008-7-10 314904]
S4 RsFx0201;RsFx0201 Driver;C:\Windows\System32\drivers\RsFx0201.sys [2012-10-20 336880]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-8-15 430616]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-31 16:02:53 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C1A8C670-D76F-44D5-B2D0-9FF9EDC993A9}\mpengine.dll
2013-08-30 00:27:33 9515512 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-27 02:45:42 -------- d-----w- C:\Program Files (x86)\LinkSwift
2013-08-27 02:45:15 -------- d-----w- C:\Users\Dewey\AppData\Local\Conduit
2013-08-27 02:45:15 -------- d-----w- C:\Program Files (x86)\BrowserPlus2
2013-08-27 02:45:00 -------- d-----w- C:\Users\Dewey\AppData\Local\CRE
2013-08-27 02:45:00 -------- d-----w- C:\Program Files (x86)\Conduit
2013-08-27 02:44:35 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-08-27 02:44:22 -------- d-----w- C:\Users\Dewey\AppData\Roaming\SearchProtect
2013-08-27 01:54:44 -------- d-----w- C:\Program Files\Microsoft
2013-08-23 03:07:32 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E8C6C45-2297-4416-B825-8DE5FFC6EF5C}\gapaengine.dll
2013-08-15 08:01:09 -------- d-----w- C:\Windows\System32\MRT
.
==================== Find3M  ====================
.
2013-08-03 00:50:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-03 00:50:09 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 13:09:46.38 ===============
 

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 AM

Posted 03 September 2013 - 05:40 PM

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
NEXT

I would like to get a scan from MBAR first to see what is on your machine, so don't click the "clean-up" first time round

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.

Direct link to the file: http://downloads.malwarebytes.org/file/mbar
•Be sure to print out and follow the instructions provided on that same page.
•Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
•Doubleclick on the MBAR file you downloaded.
•Approve the UAC prompt in Vista and newer operating systems.
•Click OK on the next screen, to allow the package to extract the contents of the file to it's own folder, mbar.
•By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
•After reading the Introduction, click 'Next' if you agree.
•On the Update Database screen, click on the 'Update' button.
•Once you see 'Success: Database was successfully updated' click on 'Next'.
•Click the 'Scan' button.
A.With some infections, you may see two messages boxes.
1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
•If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.
Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.
mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt

Edited by CatByte, 27 January 2014 - 08:46 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 dewmangolf

dewmangolf
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 04 September 2013 - 09:13 PM

Attached File  Addition.txt   38.38KB   1 downloadsAttached File  mbar-log-2013-09-04 (20-56-09).txt   2.24KB   1 downloadsAttached File  system-log.txt   22.4KB   1 downloadsScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-09-2013
Ran by Dewey (administrator) on DEWEYIBM on 04-09-2013 20:37:41
Running from C:\Users\Dewey\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Conduit) C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
() C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(LinkSwift) C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apache Software Foundation) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\Dewey\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
(Conduit) C:\Users\Dewey\AppData\Roaming\SearchProtect\bin\cltmng.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-10-19] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [FreeScreenSharing] - C:\Users\Dewey\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe [2204488 2011-11-22] ()
HKCU\...\Run: [SearchProtect] - C:\Users\Dewey\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Dewey\AppData\Local\Temp\smwcuse\svnjuds\wow64.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {2e96f2d0-a529-11e0-9254-4437e63aa8ee} - D:\SISetup.exe
MountPoints2: {4980d646-8b11-11e0-a89c-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {86882fcd-fa04-11e0-893b-4437e63aa8ee} - D:\setup.exe -a
MountPoints2: {c8e07d2e-8bb6-11e2-a037-4437e63aa8ee} - D:\SETUP.EXE
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-11-17] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Power Agenda] - C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE [75064 2010-12-13] ()
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKU\ASP.NET V2.0 Integrated\...\RunOnce: [] -  [x]
HKU\ASP.NET V2.0 Integrated\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\ASP.NET v4.0\...\RunOnce: [] -  [x]
HKU\ASP.NET v4.0\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\Classic .NET AppPool\...\RunOnce: [] -  [x]
HKU\Classic .NET AppPool\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\Default\...\RunOnce: [] -  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] -  [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\DefaultAppPool\...\RunOnce: [] -  [x]
HKU\DefaultAppPool\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
AppInit_DLLs:     [0 ] ()
AppInit_DLLs-x32:     [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
Startup: C:\Users\Dewey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN82566015370482138&UM=2&UP=SP8F947234-742B-495B-8225-A914B2B9CB74
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {650598e1-b35a-45d3-b607-896d7acb64c3} -  No File
SearchScopes: HKLM - DefaultScope {BB69A1EC-B107-405C-973C-B21685D44DD5} URL = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=352&systemid=406&apn_uid=6252592244064882&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {3763B705-F047-4590-992B-5CCC0FFC24F6} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=352&systemid=406&apn_uid=6252592244064882&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {3763B705-F047-4590-992B-5CCC0FFC24F6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN82566015370482138&UM=2
SearchScopes: HKCU - {3763B705-F047-4590-992B-5CCC0FFC24F6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN82566015370482138&UM=2
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {B5FF2485-1C82-458E-85E1-F35D6C1C6DA0} URL =
SearchScopes: HKCU - {BB69A1EC-B107-405C-973C-B21685D44DD5} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Dewey\AppData\Local\DownloadTerms\temp.dat No File
BHO-x32: LinkSwift - {323420b6-65e5-4657-8106-a27392d4d4aa} - C:\Program Files (x86)\LinkSwift\LinkSwiftbho.dll (LinkSwift)
BHO-x32: BrowserPlus2 Toolbar - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Fast Free Converter 4.1 - {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - BrowserPlus2 Toolbar - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {650598E1-B35A-45D3-B607-896D7ACB64C3} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default
FF user.js: detected! => C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\user.js
FF DefaultSearchEngine: BrowserPlus2 Customized Web Search
FF SelectedSearchEngine: BrowserPlus2 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN25627363292861412&UM=2&UP=SP8F947234-742B-495B-8225-A914B2B9CB74
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN25627363292861412&UM=2&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\searchplugins\AOL Search.xml
FF SearchPlugin: C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\searchplugins\conduit.xml
FF Extension: Ask Toolbar - C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\Extensions\toolbar@ask.com
FF Extension: BrowserPlus2  - C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\Extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}
FF Extension: AOL Toolbar - C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF Extension: firefox - C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\Extensions\firefox@linkswift.co.xpi
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF HKLM-x32\...\Firefox\Extensions: [extension@FastFreeConverter.com] C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@FastFreeConverter.com
FF Extension: Fast Free Converter - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@FastFreeConverter.com
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN31884593982327320&UM=2&sspv=TB_TCE2
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN31884593982327320&UM=2&sspv=TB_TCE2"
CHR DefaultSearchURL: (AOL Search) - http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=amonetizetest1-ch&tb_uuid=94BEC79E9BD64B92AED45EA80D3515D0&tb_oid=14-07-2013&tb_mrud=14-07-2013
CHR DefaultSuggestURL: (AOL Search) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (WPI Detector 1.4) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Dewey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Dewey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Dewey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Dewey\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx
CHR HKLM-x32\...\Chrome\Extension: [odpccdgkmiicgocepijnaeihjnjnomca] - C:\Program Files (x86)\LinkSwift\odpccdgkmiicgocepijnaeihjnjnomca.crx
==================== Services (Whitelisted) =================
S4 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2011-05-20] (Apache Software Foundation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-08] (Conduit)
R2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [193024 2013-07-29] ()
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [84624 2013-06-10] (Microsoft Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218600 2012-12-29] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-08-15] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [72497640 2012-10-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2423792 2012-10-20] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-08-15] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
R2 Update LinkSwift; C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe [206624 2013-08-26] (LinkSwift)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL11.MSSQLSERVER [x]
R2 VisualSVNServer; "C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe" -k runservice -C "LoadModule log_visualsvn_module bin/mod_log_visualsvn.so" -E nul [x]
==================== Drivers (Whitelisted) ====================
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2009-10-26] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S1 dnyzsgdf; \??\C:\Windows\system32\drivers\dnyzsgdf.sys [x]
S1 kvqizfdw; \??\C:\Windows\system32\drivers\kvqizfdw.sys [x]
S1 nriflxsb; \??\C:\Windows\system32\drivers\nriflxsb.sys [x]
S1 omaghlvu; \??\C:\Windows\system32\drivers\omaghlvu.sys [x]
S1 prrgsxdq; \??\C:\Windows\system32\drivers\prrgsxdq.sys [x]
S1 rjejitnt; \??\C:\Windows\system32\drivers\rjejitnt.sys [x]
S1 sqdefmzf; \??\C:\Windows\system32\drivers\sqdefmzf.sys [x]
S1 tbufmtbs; \??\C:\Windows\system32\drivers\tbufmtbs.sys [x]
S1 trtbgtgg; \??\C:\Windows\system32\drivers\trtbgtgg.sys [x]
S1 whnpfity; \??\C:\Windows\system32\drivers\whnpfity.sys [x]
S1 yoqiqglh; \??\C:\Windows\system32\drivers\yoqiqglh.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-09-04 20:33 - 2013-09-04 20:33 - 01947160 _____ (Farbar) C:\Users\Dewey\Downloads\FRST64.exe
2013-09-01 13:46 - 2013-09-01 13:46 - 00000000 ____D C:\Users\Dewey\Downloads\DotNetNuke_Community_07.01.01_Install
2013-09-01 13:40 - 2013-09-01 13:40 - 48035606 _____ C:\Users\Dewey\Downloads\DotNetNuke_Community_07.01.01_Install.zip
2013-08-31 13:09 - 2013-08-31 13:11 - 00025221 _____ C:\Users\Dewey\Desktop\dds.txt
2013-08-31 13:09 - 2013-08-31 13:11 - 00017872 _____ C:\Users\Dewey\Desktop\attach.txt
2013-08-31 13:05 - 2013-08-31 13:05 - 00688992 ____R (Swearware) C:\Users\Dewey\Desktop\dds.com
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Users\Dewey\AppData\Local\CRE
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Users\Dewey\AppData\Local\Conduit
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\LinkSwift
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\BrowserPlus2
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-26 21:44 - 2013-08-26 21:49 - 00000000 ____D C:\Users\Dewey\AppData\Roaming\SearchProtect
2013-08-26 21:44 - 2013-08-26 21:44 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-08-26 21:43 - 2013-08-26 21:43 - 79393680 _____ C:\Users\Dewey\Downloads\7zip-setup.exe
2013-08-26 21:03 - 2013-08-26 21:03 - 00116384 _____ (Microsoft Corporation) C:\Users\Dewey\Downloads\dotnetnuke_iis.exe
2013-08-25 00:15 - 2013-08-25 12:21 - 00000000 ____D C:\Users\Dewey\AppData\Roaming\Audacity
2013-08-18 12:47 - 2013-08-18 12:47 - 00000863 _____ C:\Users\Dewey\.recently-used.xbel
2013-08-15 03:05 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:05 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:05 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:05 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:05 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:05 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:05 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:05 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:05 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:05 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:05 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:05 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:05 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:05 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:05 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:05 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:05 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:05 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:05 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:05 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:05 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:05 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 03:01 - 2013-08-15 03:03 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 22:26 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 22:26 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 22:26 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 22:26 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 22:26 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 22:26 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 22:26 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 22:26 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 22:26 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 22:26 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 22:26 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 22:26 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 22:26 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 22:26 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 22:26 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 22:26 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 22:26 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 22:26 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 22:26 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 22:26 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 22:26 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 22:26 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 22:26 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 22:26 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 22:26 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 22:26 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 22:26 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 15:28 - 2013-08-14 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2013-09-04 20:37 - 2013-09-04 20:37 - 00000000 ____D C:\FRST
2013-09-04 20:37 - 2011-05-30 18:10 - 01691215 _____ C:\Windows\WindowsUpdate.log
2013-09-04 20:33 - 2013-09-04 20:33 - 01947160 _____ (Farbar) C:\Users\Dewey\Downloads\FRST64.exe
2013-09-04 20:27 - 2011-07-02 23:00 - 00003492 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-09-04 20:27 - 2011-07-02 23:00 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-09-04 20:27 - 2011-07-02 23:00 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-09-04 20:26 - 2013-07-14 11:51 - 00000356 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-09-04 20:25 - 2012-04-13 18:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-04 20:25 - 2011-08-14 11:00 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 07:34 - 2011-08-14 11:00 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 06:58 - 2011-07-03 21:06 - 00000000 ____D C:\Dewey
2013-09-02 19:07 - 2011-07-03 21:40 - 00000000 ____D C:\Users\Dewey\Documents\SQL Server Management Studio
2013-09-02 14:47 - 2011-06-28 14:02 - 00000000 ____D C:\Users\Dewey\AppData\Roaming\SoftGrid Client
2013-09-01 13:46 - 2013-09-01 13:46 - 00000000 ____D C:\Users\Dewey\Downloads\DotNetNuke_Community_07.01.01_Install
2013-09-01 13:40 - 2013-09-01 13:40 - 48035606 _____ C:\Users\Dewey\Downloads\DotNetNuke_Community_07.01.01_Install.zip
2013-08-31 13:11 - 2013-08-31 13:09 - 00025221 _____ C:\Users\Dewey\Desktop\dds.txt
2013-08-31 13:11 - 2013-08-31 13:09 - 00017872 _____ C:\Users\Dewey\Desktop\attach.txt
2013-08-31 13:05 - 2013-08-31 13:05 - 00688992 ____R (Swearware) C:\Users\Dewey\Desktop\dds.com
2013-08-31 12:22 - 2011-06-28 13:59 - 00000000 ____D C:\Users\Dewey
2013-08-31 12:05 - 2011-07-03 00:00 - 00000000 ____D C:\inetpub
2013-08-31 11:41 - 2009-07-14 00:13 - 01165502 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 08:12 - 2012-09-15 19:41 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-28 21:27 - 2013-03-13 21:39 - 00037376 ___SH C:\Users\Dewey\Thumbs.db
2013-08-28 01:31 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 01:31 - 2009-07-13 23:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 01:24 - 2013-04-21 19:06 - 00000000 ____D C:\Users\MSSQLFDLauncher
2013-08-28 01:23 - 2013-04-21 19:06 - 00000000 ____D C:\Users\ReportServer
2013-08-28 01:23 - 2013-04-21 19:06 - 00000000 ____D C:\Users\MSSQLServerOLAPService
2013-08-28 01:23 - 2013-04-21 19:06 - 00000000 ____D C:\Users\MsDtsServer110
2013-08-28 01:23 - 2013-04-21 19:05 - 00000000 ____D C:\Users\MSSQLSERVER
2013-08-28 01:23 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 01:23 - 2009-07-13 23:51 - 00058429 _____ C:\Windows\setupact.log
2013-08-28 01:22 - 2010-11-20 22:47 - 00468420 _____ C:\Windows\PFRO.log
2013-08-28 00:00 - 2013-07-15 22:35 - 00000000 ____D C:\Users\Dewey\AppData\Roaming\uTorrent
2013-08-26 21:49 - 2013-08-26 21:44 - 00000000 ____D C:\Users\Dewey\AppData\Roaming\SearchProtect
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Users\Dewey\AppData\Local\CRE
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Users\Dewey\AppData\Local\Conduit
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\LinkSwift
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\BrowserPlus2
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-08-26 21:45 - 2013-07-14 11:52 - 00000009 _____ C:\END
2013-08-26 21:44 - 2013-08-26 21:44 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-08-26 21:44 - 2012-01-02 12:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 21:43 - 2013-08-26 21:43 - 79393680 _____ C:\Users\Dewey\Downloads\7zip-setup.exe
2013-08-26 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-08-26 21:37 - 2011-05-30 18:19 - 00000000 ____D C:\ProgramData\PCDr
2013-08-26 21:14 - 2013-03-13 21:40 - 00000000 ____D C:\Users\Dewey\Downloads\Microsoft Software
2013-08-26 21:03 - 2013-08-26 21:03 - 00116384 _____ (Microsoft Corporation) C:\Users\Dewey\Downloads\dotnetnuke_iis.exe
2013-08-25 12:21 - 2013-08-25 00:15 - 00000000 ____D C:\Users\Dewey\AppData\Roaming\Audacity
2013-08-22 22:10 - 2013-07-14 11:52 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-08-18 12:53 - 2012-01-02 14:02 - 00000000 ____D C:\Users\Dewey\.gimp-2.6
2013-08-18 12:47 - 2013-08-18 12:47 - 00000863 _____ C:\Users\Dewey\.recently-used.xbel
2013-08-16 20:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 03:25 - 2011-07-02 23:00 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-08-15 03:24 - 2013-01-13 20:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-15 03:03 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:01 - 2011-06-29 23:06 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 22:13 - 2013-08-11 15:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-11 14:43 - 2011-07-02 23:00 - 00004230 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.bat
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\dsgsdgdsgdsgw.reg
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-01 01:42
==================== End Of Log ============================

 



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 AM

Posted 04 September 2013 - 10:19 PM

Please run the following:

Download attached fixlist.txt file and save it to the Desktop.

Attached File  FixList.txt   5.59KB   2 downloads

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 dewmangolf

dewmangolf
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 04 September 2013 - 10:31 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2013
Ran by Dewey at 2013-09-04 22:29:26 Run:1
Running from C:\Users\Dewey\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(Conduit) C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
() C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
(Conduit) C:\Users\Dewey\AppData\Roaming\SearchProtect\bin\cltmng.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
HKCU\...\Run: [SearchProtect] - C:\Users\Dewey\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Dewey\AppData\Local\Temp\smwcuse\svnjuds\wow64.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKU\ASP.NET V2.0 Integrated\...\RunOnce: [] -  [x]
HKU\ASP.NET v4.0\...\RunOnce: [] -  [x]
HKU\Classic .NET AppPool\...\RunOnce: [] -  [x]
HKU\Default\...\RunOnce: [] -  [x]
HKU\Default User\...\RunOnce: [] -  [x]
HKU\DefaultAppPool\...\RunOnce: [] -  [x]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN82566015370482138&UM=2&UP=SP8F947234-742B-495B-8225-A914B2B9CB74
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {650598e1-b35a-45d3-b607-896d7acb64c3} -  No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=352&systemid=406&apn_uid=6252592244064882&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {3763B705-F047-4590-992B-5CCC0FFC24F6} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=352&systemid=406&apn_uid=6252592244064882&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - DefaultScope {3763B705-F047-4590-992B-5CCC0FFC24F6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN82566015370482138&UM=2
SearchScopes: HKCU - {3763B705-F047-4590-992B-5CCC0FFC24F6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN82566015370482138&UM=2
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {B5FF2485-1C82-458E-85E1-F35D6C1C6DA0} URL =
SearchScopes: HKCU - {BB69A1EC-B107-405C-973C-B21685D44DD5} URL =
BHO-x32: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Dewey\AppData\Local\DownloadTerms\temp.dat No File
BHO-x32: BrowserPlus2 Toolbar - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
BHO-x32: Fast Free Converter 4.1 - {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - BrowserPlus2 Toolbar - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {650598E1-B35A-45D3-B607-896D7ACB64C3} -  No File
FF Homepage: hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN25627363292861412&UM=2&UP=SP8F947234-742B-495B-8225-A914B2B9CB74
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN25627363292861412&UM=2&q=
FF SearchPlugin: C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\searchplugins\conduit.xml
FF Extension: Ask Toolbar - C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\Extensions\toolbar@ask.com
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN31884593982327320&UM=2&sspv=TB_TCE2
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN31884593982327320&UM=2&sspv=TB_TCE2"
S1 dnyzsgdf; \??\C:\Windows\system32\drivers\dnyzsgdf.sys [x]
S1 kvqizfdw; \??\C:\Windows\system32\drivers\kvqizfdw.sys [x]
S1 nriflxsb; \??\C:\Windows\system32\drivers\nriflxsb.sys [x]
S1 omaghlvu; \??\C:\Windows\system32\drivers\omaghlvu.sys [x]
S1 prrgsxdq; \??\C:\Windows\system32\drivers\prrgsxdq.sys [x]
S1 rjejitnt; \??\C:\Windows\system32\drivers\rjejitnt.sys [x]
S1 sqdefmzf; \??\C:\Windows\system32\drivers\sqdefmzf.sys [x]
S1 tbufmtbs; \??\C:\Windows\system32\drivers\tbufmtbs.sys [x]
S1 trtbgtgg; \??\C:\Windows\system32\drivers\trtbgtgg.sys [x]
S1 whnpfity; \??\C:\Windows\system32\drivers\whnpfity.sys [x]
S1 yoqiqglh; \??\C:\Windows\system32\drivers\yoqiqglh.sys [x]
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Users\Dewey\AppData\Local\Conduit
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-26 21:45 - 2013-08-26 21:45 - 00000000 ____D C:\Program Files (x86)\BrowserPlus2
2013-08-26 21:44 - 2013-08-26 21:49 - 00000000 ____D C:\Users\Dewey\AppData\Roaming\SearchProtect
2013-08-26 21:44 - 2013-08-26 21:44 - 00000000 ____D C:\Program Files (x86)\SearchProtect
C:\ProgramData\dsgsdgdsgdsgw.bat
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\dsgsdgdsgdsgw.reg
end

 

 

 

 

 

 

 

 

 

 

 

 

*****************

[1564] C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe => Process closed successfully.
[1628] C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe => Process closed successfully.
[5836] C:\Users\Dewey\AppData\Roaming\SearchProtect\bin\cltmng.exe => Process closed successfully.
[6756] C:\Program Files (x86)\Ask.com\Updater\Updater.exe => Process closed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll => Value deleted successfully.
HKU\ASP.NET V2.0 Integrated\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKU\ASP.NET v4.0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKU\Classic .NET AppPool\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value not found.
HKU\DefaultAppPool\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{650598e1-b35a-45d3-b607-896d7acb64c3} => Value deleted successfully.
HKCR\CLSID\{650598e1-b35a-45d3-b607-896d7acb64c3} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3763B705-F047-4590-992B-5CCC0FFC24F6} => Key deleted successfully.
HKCR\CLSID\{3763B705-F047-4590-992B-5CCC0FFC24F6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B5FF2485-1C82-458E-85E1-F35D6C1C6DA0} => Key deleted successfully.
HKCR\CLSID\{B5FF2485-1C82-458E-85E1-F35D6C1C6DA0} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB69A1EC-B107-405C-973C-B21685D44DD5} => Key deleted successfully.
HKCR\CLSID\{BB69A1EC-B107-405C-973C-B21685D44DD5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{650598e1-b35a-45d3-b607-896d7acb64c3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{650598e1-b35a-45d3-b607-896d7acb64c3} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B422F1BC-9ADB-48A7-8B13-00C176039DC5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B422F1BC-9ADB-48A7-8B13-00C176039DC5} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{650598e1-b35a-45d3-b607-896d7acb64c3} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{650598e1-b35a-45d3-b607-896d7acb64c3} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{650598E1-B35A-45D3-B607-896D7ACB64C3} => Value deleted successfully.
HKCR\CLSID\{650598E1-B35A-45D3-B607-896D7ACB64C3} => Key not found.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\searchplugins\conduit.xml => Moved successfully.
C:\Users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\Extensions\toolbar@ask.com => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net => Moved successfully.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN31884593982327320&UM=2&sspv=TB_TCE2 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN31884593982327320&UM=2&sspv=TB_TCE2" ==> The Chrome "Settings" can be used to fix the entry.
dnyzsgdf => Service deleted successfully.
kvqizfdw => Service deleted successfully.
nriflxsb => Service deleted successfully.
omaghlvu => Service deleted successfully.
prrgsxdq => Service deleted successfully.
rjejitnt => Service deleted successfully.
sqdefmzf => Service deleted successfully.
tbufmtbs => Service deleted successfully.
trtbgtgg => Service deleted successfully.
whnpfity => Service deleted successfully.
yoqiqglh => Service deleted successfully.
C:\Users\Dewey\AppData\Local\Conduit => Moved successfully.
C:\Program Files (x86)\Conduit => Moved successfully.
C:\Program Files (x86)\BrowserPlus2 => Moved successfully.
C:\Users\Dewey\AppData\Roaming\SearchProtect => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.bat => Moved successfully.
"C:\ProgramData\dsgsdgdsgdsgw.pad" => File/Directory not found.
C:\ProgramData\dsgsdgdsgdsgw.reg => Moved successfully.

==== End of Fixlog ====



#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 AM

Posted 04 September 2013 - 10:34 PM

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 dewmangolf

dewmangolf
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 04 September 2013 - 11:20 PM

ComboFix 13-09-04.04 - Dewey 09/04/2013  22:44:30.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12112.8186 [GMT -5:00]
Running from: c:\users\Dewey\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2c2c2431363b3b25_c
c:\users\Dewey\AppData\Local\assembly\tmp
c:\windows\SysWow64\bin
Q:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FastFreeConverterUpdt
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))
.
.
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\ReportServer\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\MSSQLServerOLAPService\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\MSSQLSERVER\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\MSSQLFDLauncher\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\MsDtsServer110\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-05 01:56 . 2013-09-05 01:56 -------- d-----w- c:\programdata\Malwarebytes
2013-09-05 01:56 . 2013-09-05 02:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-05 01:37 . 2013-09-05 01:37 -------- d-----w- C:\FRST
2013-09-05 01:37 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4673FA9B-9C4F-4A74-A5C4-39EAC7F7797C}\mpengine.dll
2013-09-03 22:54 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-27 02:45 . 2013-08-27 02:45 -------- d-----w- c:\program files (x86)\7-Zip
2013-08-27 02:45 . 2013-08-27 02:45 -------- d-----w- c:\program files (x86)\LinkSwift
2013-08-27 02:45 . 2013-08-27 02:45 -------- d-----w- c:\users\Dewey\AppData\Local\CRE
2013-08-27 01:54 . 2013-08-27 01:54 -------- d-----w- c:\program files\Microsoft
2013-08-25 05:15 . 2013-08-25 17:21 -------- d-----w- c:\users\Dewey\AppData\Roaming\Audacity
2013-08-23 03:07 . 2013-08-23 03:06 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E8C6C45-2297-4416-B825-8DE5FFC6EF5C}\gapaengine.dll
2013-08-15 08:01 . 2013-08-15 08:03 -------- d-----w- c:\windows\system32\MRT
2013-08-11 20:28 . 2013-08-15 03:13 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 08:01 . 2011-06-30 04:06 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-03 00:50 . 2012-04-13 23:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-03 00:50 . 2011-08-14 16:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 14:24 . 2011-08-12 12:32 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-15 03:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{323420b6-65e5-4657-8106-a27392d4d4aa}]
2013-08-27 00:46 149280 ----a-w- c:\program files (x86)\LinkSwift\LinkSwiftBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeScreenSharing"="c:\users\Dewey\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe" [2011-11-22 2204488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-11-17 112152]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Power Manager Power Agenda"="c:\progra~2\ThinkPad\UTILIT~1\DPMHost.exe" [2010-12-14 75064]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Dewey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-3-13 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-5-20 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [x]
R3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0102.sys [x]
R4 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
S2 MsDtsServer110;SQL Server Integration Services 11.0;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [x]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Update LinkSwift;Update LinkSwift;c:\program files (x86)\LinkSwift\updateLinkSwift.exe;c:\program files (x86)\LinkSwift\updateLinkSwift.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 VisualSVNServer;VisualSVN Server;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-30 13:11 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:50]
.
2013-09-05 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Dewey\AppData\Local\SwvUpdater\Updater.exe [2013-07-14 01:55]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 16:00]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 16:00]
.
2013-08-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2013-09-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-19 11490408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-14 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-14 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-14 418328]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&CUI=UN25627363292861412&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BrowserPlus2 Customized Web Search
FF - ExtSQL: 2013-07-14 11:53; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-BrowserPlus2 Toolbar - c:\program files (x86)\BrowserPlus2\uninstall.exe
AddRemove-SearchProtect - c:\program files (x86)\SearchProtect\bin\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ReportServerSharePoint:Service]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Symantec\VIP Access Client\WhiteList.exe
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Completion time: 2013-09-04  23:08:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-05 04:08
.
Pre-Run: 356,483,694,592 bytes free
Post-Run: 357,340,377,088 bytes free
.
- - End Of File - - 70CB73F39F87A195121B38C14EA6012D
 



#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 AM

Posted 05 September 2013 - 05:29 AM

looking better, but there are still signs of adware in the log, so please run the following:


Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select CLEAN
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT


Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 dewmangolf

dewmangolf
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 06 September 2013 - 07:45 AM

I DON'T HAVE THE LOG FROM ADWARECLEANER ALTHOUGH I DID RUN IT.  IT IS NOT ON MY DESKTOP.  I THINK A SUBSEQUENT REBOOT MAY HAVE CLOSED IT?

THE ESET SCANNER IS TAKING FOREVER -- 24 HRS. AND IT IS ONLY 20% DONE.  WHAT SHOULD I DO?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Professional x64
Ran by Dewey on Thu 09/05/2013 at  7:09:08.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc
Successfully stopped: [Service] update linkswift
Successfully deleted: [Service] update linkswift

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1164419381-2959505493-3402278656-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividmediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3309350
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r352-n-bi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SetupDataMngr_iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r352-n-bi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323420b6-65e5-4657-8106-a27392d4d4aa}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{323420b6-65e5-4657-8106-a27392d4d4aa}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"

 

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\amiupdxp.job
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\nsprotector.js"
Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\Windows\syswow64\sho7E86.tmp

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dewey\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Dewey\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Users\Dewey\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Dewey\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Dewey\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Dewey\appdata\locallow\fast free converter"
Successfully deleted: [Folder] "C:\Users\Dewey\appdata\locallow\searchresultstb"
Successfully deleted: [Folder] "C:\Program Files (x86)\fast free converter"
Successfully deleted: [Folder] "C:\Program Files (x86)\file type helper"
Successfully deleted: [Folder] "C:\Program Files (x86)\linkswift"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Empty Folder] C:\Users\Dewey\appdata\local\{0BEDEAF6-2F79-489F-8C31-A4AB17A4B708}
Successfully deleted: [Empty Folder] C:\Users\Dewey\appdata\local\{488E0B46-9642-4304-BE12-A4C863F9D959}
Successfully deleted: [Empty Folder] C:\Users\Dewey\appdata\local\{61C1DA74-A250-4EDD-BFCB-C9F28934E677}
Successfully deleted: [Empty Folder] C:\Users\Dewey\appdata\local\{8694E782-3BD6-40DC-9766-4DA25E834CE7}
Successfully deleted: [Empty Folder] C:\Users\Dewey\appdata\local\{ED1E4A73-54DA-43E2-A7B4-7CE6B8F727EE}
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Dewey\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Dewey\AppData\Roaming\mozilla\firefox\profiles\0tw2tu4v.default\user.js
Successfully deleted: [Folder] C:\Users\Dewey\AppData\Roaming\mozilla\firefox\profiles\0tw2tu4v.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\extension@fastfreeconverter.com
Successfully deleted the following from C:\Users\Dewey\AppData\Roaming\mozilla\firefox\profiles\0tw2tu4v.default\prefs.js

user_pref("CT3309350.smartbar.homepage", "true");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultenginename", "BrowserPlus2 Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "BrowserPlus2 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&CUI=UN25627363292861412&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "BrowserPlus2 Customized Web Search");
user_pref("smartbar.addressBarOwnerCTID", "CT3309350");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309350&CUI=UN25627363292861412&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3309350&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN25627363292861412&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3309350");
user_pref("smartbar.homePageOwnerCTID", "CT3309350");
user_pref("smartbar.machineId", "GO7RFOAPEKGFMJOPQRM+0UTUF4LI2GXRL/QVPAY5GZPK7VHQJHI6NDFFI42RYOAUCWMN4GHDK6FDA9CU9YC9DA");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3309350&CUI=UN25627363292861412&UM=2&SearchSource=13");

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/05/2013 at  7:13:04.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Dewey :: DEWEYIBM [administrator]

9/5/2013 7:33:43 AM
mbam-log-2013-09-05 (07-33-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439974
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Dewey\Downloads\iLividSetup-r352-n-bi.exe (PUP.Optional.Vid) -> Quarantined and deleted successfully.
C:\Users\Dewey\Downloads\MediaUpdater__2577_i33316262_il561301.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Users\Dewey\Downloads\Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Dewey\Downloads\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.

(end)



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 AM

Posted 06 September 2013 - 11:42 AM

The log from adwCleaner should be located at the root of your C:\ drive.

Is the ESET scan still going?

Are there any detections so far?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 dewmangolf

dewmangolf
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 07 September 2013 - 02:11 PM

HERE IS COMBOFIX.TXT.  ESET IS STOPPED WITH 16 INFECTIONS DETECTED.  IS THERE A WAY I CAN GET YOU THE LOG THUS FAR?

 

 

ComboFix 13-09-04.04 - Dewey 09/04/2013  22:44:30.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12112.8186 [GMT -5:00]
Running from: c:\users\Dewey\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2c2c2431363b3b25_c
c:\users\Dewey\AppData\Local\assembly\tmp
c:\windows\SysWow64\bin
Q:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FastFreeConverterUpdt
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))
.
.
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\ReportServer\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\MSSQLServerOLAPService\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\MSSQLSERVER\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\MSSQLFDLauncher\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\MsDtsServer110\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-09-05 03:50 . 2013-09-05 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-05 01:56 . 2013-09-05 01:56 -------- d-----w- c:\programdata\Malwarebytes
2013-09-05 01:56 . 2013-09-05 02:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-05 01:37 . 2013-09-05 01:37 -------- d-----w- C:\FRST
2013-09-05 01:37 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4673FA9B-9C4F-4A74-A5C4-39EAC7F7797C}\mpengine.dll
2013-09-03 22:54 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-27 02:45 . 2013-08-27 02:45 -------- d-----w- c:\program files (x86)\7-Zip
2013-08-27 02:45 . 2013-08-27 02:45 -------- d-----w- c:\program files (x86)\LinkSwift
2013-08-27 02:45 . 2013-08-27 02:45 -------- d-----w- c:\users\Dewey\AppData\Local\CRE
2013-08-27 01:54 . 2013-08-27 01:54 -------- d-----w- c:\program files\Microsoft
2013-08-25 05:15 . 2013-08-25 17:21 -------- d-----w- c:\users\Dewey\AppData\Roaming\Audacity
2013-08-23 03:07 . 2013-08-23 03:06 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E8C6C45-2297-4416-B825-8DE5FFC6EF5C}\gapaengine.dll
2013-08-15 08:01 . 2013-08-15 08:03 -------- d-----w- c:\windows\system32\MRT
2013-08-11 20:28 . 2013-08-15 03:13 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 08:01 . 2011-06-30 04:06 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-03 00:50 . 2012-04-13 23:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-03 00:50 . 2011-08-14 16:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 14:24 . 2011-08-12 12:32 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-15 03:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{323420b6-65e5-4657-8106-a27392d4d4aa}]
2013-08-27 00:46 149280 ----a-w- c:\program files (x86)\LinkSwift\LinkSwiftBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeScreenSharing"="c:\users\Dewey\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe" [2011-11-22 2204488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-11-17 112152]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Power Manager Power Agenda"="c:\progra~2\ThinkPad\UTILIT~1\DPMHost.exe" [2010-12-14 75064]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Dewey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-3-13 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-5-20 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [x]
R3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0102.sys [x]
R4 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
S2 MsDtsServer110;SQL Server Integration Services 11.0;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [x]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Update LinkSwift;Update LinkSwift;c:\program files (x86)\LinkSwift\updateLinkSwift.exe;c:\program files (x86)\LinkSwift\updateLinkSwift.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 VisualSVNServer;VisualSVN Server;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-30 13:11 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:50]
.
2013-09-05 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Dewey\AppData\Local\SwvUpdater\Updater.exe [2013-07-14 01:55]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 16:00]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 16:00]
.
2013-08-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2013-09-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-19 11490408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-14 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-14 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-14 418328]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Dewey\AppData\Roaming\Mozilla\Firefox\Profiles\0tw2tu4v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&CUI=UN25627363292861412&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BrowserPlus2 Customized Web Search
FF - ExtSQL: 2013-07-14 11:53; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-BrowserPlus2 Toolbar - c:\program files (x86)\BrowserPlus2\uninstall.exe
AddRemove-SearchProtect - c:\program files (x86)\SearchProtect\bin\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ReportServerSharePoint:Service]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Symantec\VIP Access Client\WhiteList.exe
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Completion time: 2013-09-04  23:08:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-05 04:08
.
Pre-Run: 356,483,694,592 bytes free
Post-Run: 357,340,377,088 bytes free
.
- - End Of File - - 70CB73F39F87A195121B38C14EA6012D
 



#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 AM

Posted 07 September 2013 - 10:09 PM

try a screen shot of the detections, or re-run ESET, make sure all other windows are closed

let it run over night if need be.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 dewmangolf

dewmangolf
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 11 September 2013 - 06:03 PM

I'm not sure I'm going to be able to complete the ESET scan.  Ran it 10 hours today and the same 14 files showed up.  Only 20% completed. I need my computer too much to spare a 50-hour scan.  What alternative is there?



#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 AM

Posted 11 September 2013 - 08:01 PM

did you make a note of the detections?

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:01 AM

Posted 23 September 2013 - 12:56 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users