
unable to download from internet. do not know why.


7 replies to this topic

#1 nicholebridges


Posted 29 October 2013 - 10:12 AM

Attached File: attach.txt (6.92KB)

Every time I try to download from the internet, a bar pops up at the bottom of my screen (I think it is Windows). It says it's starting the download, then running a security check, then it says the file name couldn't be downloaded.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 1.6.0_31
Run by kit at 10:56:06 on 2013-10-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2038.1004 [GMT -4:00]
.
AV: Trend Micro Titanium Antivirus+ *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Antivirus+ *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\wrapper_inst\file_to_run.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Users\kit\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\amsp\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:\program files\trend micro\amsp\module\20002\8.0.1109\8.0.1109\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [pcreg] c:\program files\wrapper_inst\service.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRunOnce: [DCERegBootClean] c:\windows\RegBootClean.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\kit\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kit\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Strike%20Ball%203/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{077E4E53-1A7C-467B-AFFF-870D70420437} : NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{896F46CA-7FCF-41A9-B97C-42A886AD32C3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{896F46CA-7FCF-41A9-B97C-42A886AD32C3}\0484F6D65603532364 : DHCPNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{896F46CA-7FCF-41A9-B97C-42A886AD32C3}\055726C69636F575962756C6563737 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{896F46CA-7FCF-41A9-B97C-42A886AD32C3}\34F4C494D2236335D2838383D2239393D203037313 : DHCPNameServer = 216.245.224.4 216.245.225.142
TCP: Interfaces\{896F46CA-7FCF-41A9-B97C-42A886AD32C3}\4462D4 : DHCPNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\8.0.1109\8.0.1109\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-2-7 15672]
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [2013-10-28 40736]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2013-10-28 83352]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2013-10-28 287256]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
R2 pcregservice;pcregservice Service;c:\program files\wrapper_inst\file_to_run.exe [2013-9-24 25088]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 tmeevw;tmeevw;c:\windows\system32\drivers\tmeevw.sys [2013-10-28 85280]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [2013-10-28 282272]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-11-9 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-11-9 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-11-9 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-11-9 24960]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-11 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-8-20 84248]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-7-5 30192]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-21 14848]
S3 spotJ;Spot Software GPS USB Driver (spotJ);c:\windows\system32\drivers\spotJ32.sys [2007-5-27 36608]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-8-20 182680]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-8-12 222720]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-7-22 148992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-10-21 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-17 1343400]
.
=============== File Associations ===============
.
.chm: <filetype is not registered>
.ini: <filetype is not registered>
.inf: <filetype is not registered>
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-10-29 14:41:42 -------- d--h--w- c:\windows\PIF
2013-10-29 12:55:10 -------- d-----w- C:\New folder (2)
2013-10-29 00:46:16 209432 ----a-w- c:\windows\RegBootClean.exe
2013-10-29 00:29:58 -------- d--h--w- C:\TMRescueDisk
2013-10-29 00:27:31 85280 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2013-10-29 00:27:29 282272 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2013-10-29 00:27:28 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2013-10-29 00:27:16 83352 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2013-10-29 00:27:16 288840 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-10-29 00:27:16 102904 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2013-10-29 00:27:15 40736 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2013-10-29 00:23:25 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-10-29 00:20:44 -------- d-----w- c:\program files\Trend Micro
2013-10-29 00:20:32 -------- d-----w- c:\programdata\Trend Micro
2013-10-29 00:06:32 -------- d-----w- c:\users\kit\appdata\local\Trend Micro
2013-10-27 15:51:46 -------- d-----w- c:\users\kit\appdata\local\{B92A05AE-9412-4902-BE93-7333155437FD}
2013-10-25 21:19:58 -------- d-----w- c:\program files\Speccy
2013-10-25 15:14:23 -------- d-----w- c:\users\kit\appdata\local\Programs
2013-10-24 20:16:13 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-22 19:12:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-10-22 19:12:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-10-22 19:12:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-10-22 19:12:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-10-22 19:12:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-10-22 19:12:57 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-10-22 19:12:57 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-10-22 19:12:57 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-10-22 19:12:57 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-10-22 19:12:57 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-10-21 22:38:13 1699328 ----a-w- c:\windows\system32\esent.dll
2013-10-21 22:38:13 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2013-10-21 22:38:12 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-10-21 22:38:12 74240 ----a-w- c:\windows\system32\fsutil.exe
2013-10-21 22:38:12 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-10-21 22:38:12 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-10-21 22:38:12 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-10-21 22:38:12 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-10-21 22:38:06 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-10-21 22:38:06 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-10-21 22:37:22 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-10-21 22:37:21 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-10-21 22:37:21 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-10-21 22:37:20 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-10-21 22:37:20 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-10-21 22:37:20 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-10-21 22:37:20 18944 ----a-w- c:\windows\system32\netevent.dll
2013-10-21 22:37:14 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-21 22:37:14 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-21 22:37:14 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-21 22:37:11 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-10-21 22:37:02 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-10-21 22:29:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-10-21 22:29:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-10-21 22:29:14 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-10-19 13:35:57 -------- d-----w- c:\windows\system32\Extensions
2013-10-19 13:35:56 -------- d-----w- c:\windows\system32\searchplugins
2013-10-17 13:29:29 -------- d-----w- c:\users\kit\appdata\local\{B70C2A64-A377-40F9-B962-BCA5B3543305}
2013-10-17 13:29:19 -------- d-----w- c:\users\kit\appdata\roaming\Windows Live Writer
2013-10-17 13:29:19 -------- d-----w- c:\users\kit\appdata\local\Windows Live Writer
2013-10-16 19:32:11 -------- d-----w- c:\programdata\BitGuard
2013-10-16 19:32:00 -------- d-----w- c:\users\kit\appdata\roaming\BabSolution
2013-10-15 21:41:00 -------- d-----w- c:\users\kit\appdata\local\{D8DACC3E-A9A2-40B3-BA5E-4A060588656A}
2013-10-15 21:41:00 -------- d-----w- c:\users\kit\appdata\local\{AA455DC4-5FB4-4C25-8868-0DCEC4A43DFB}
2013-10-08 22:15:17 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-08 22:14:59 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-08 22:14:58 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-07 20:47:35 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-10-07 19:40:03 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-10-07 19:35:07 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-10-05 21:53:09 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-10-05 21:53:09 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-05 21:53:09 101720 ----a-w- c:\windows\system32\consent.exe
2013-10-04 23:55:26 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-04 23:55:23 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-10-04 23:55:23 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-10-04 23:55:23 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 23:55:23 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-10-04 23:53:30 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-10-04 23:53:26 903168 ----a-w- c:\windows\system32\certutil.exe
2013-10-04 23:53:25 43008 ----a-w- c:\windows\system32\certenc.dll
2013-10-04 23:53:08 509440 ----a-w- c:\windows\system32\qedit.dll
2013-10-04 23:52:55 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-10-04 23:52:43 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-10-04 23:52:43 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-10-04 23:52:43 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-10-04 23:52:42 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-10-04 23:52:13 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
==================== Find3M  ====================
.
2013-10-08 21:54:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 21:54:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 19:39:07 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-28 12:21:32 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-20 11:02:14 84248 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-08-20 11:02:14 182680 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-01 11:03:36 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
============= FINISH: 10:56:33.77 ===============
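The Pseudo HJT section of the DDS log above is what a malware-response helper triages by eye. As an added example (not from the thread, from DDS, or from any tool named here), this Python script parses those entry types and flags the ones a responder reviews first: AppInit_DLLs injections, hooks with no backing file, autoruns in unexpected folders, static nameserver overrides and local-file DPF entries. The vendor allowlist and severity rules are this example's own heuristics; the sample lines are copied from the log above.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

The severity rules and KNOWN_VENDOR_DIRS allowlist are assumptions of this
example (a responder's first-pass heuristics), not anything DDS itself emits.
"""
import ipaddress
import re

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}

# Toy allowlist of Program Files vendor folders seen in this thread's log.
KNOWN_VENDOR_DIRS = {
    "google", "adobe", "apple", "trend micro", "hp", "synaptics", "htc",
    "microsoft intellipoint", "quicktime", "common files", "widcomm", "motorola",
}

# "<kind>: <rest>" for most entries; AppInit_DLLs uses "AppInit_DLLs= <rest>".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z_ \-]+?)\s*[:=]\s*(?P<rest>.*)$")
# A Windows path ending in an executable/library extension (spaces allowed).
PATH_RE = re.compile(r"[a-zA-Z]:\\.+?\.(?:exe|dll|ocx|bat|cpl|sys)\b", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
HOOK_KINDS = {"BHO", "TB", "EB", "Handler", "SSODL", "dURLSearchHooks", "uURLSearchHooks"}

# Constructed sample: a subset of the Pseudo HJT lines from the log above.
SAMPLE_LOG = r"""
uStart Page = about:blank
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [pcreg] c:\program files\wrapper_inst\service.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [DCERegBootClean] c:\windows\RegBootClean.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{077E4E53-1A7C-467B-AFFF-870D70420437} : NameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{896F46CA-7FCF-41A9-B97C-42A886AD32C3} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= c:\progra~2\bitguard\261694~1.246\{c16c1~1\bitguard.dll c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SSODL: WebCheck - <orphaned>
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Strike%20Ball%203/Images/armhelper.ocx
"""


def classify_autorun(path):
    """Return a review reason for a Run/RunOnce target, or None if it looks routine."""
    p = path.lower()
    if p.startswith("c:\\windows\\system32\\"):
        return None
    if p.startswith("c:\\windows\\"):
        return "autorun executable directly under the Windows folder (not system32)"
    m = re.match(r"c:\\(?:program files(?: \(x86\))?|progra~[12])\\([^\\]+)\\", p)
    if m is None:
        return "autorun outside Program Files and system32"
    if m.group(1) not in KNOWN_VENDOR_DIRS:
        return f"autorun under unrecognized vendor folder '{m.group(1)}'"
    return None


def nameserver_finding(addr):
    """Static (non-DHCP) nameservers: private ones are worth confirming, public ones are a hijack signal."""
    if ipaddress.ip_address(addr).is_private:
        return "INFO", f"{addr}: statically configured private nameserver; confirm it is intended"
    return "HIGH", f"{addr}: statically configured public nameserver; possible DNS hijack"


def triage(text):
    """Return (severity, line, reason) tuples, highest severity first."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "AppInit_DLLs":
            dlls = PATH_RE.findall(rest)
            if dlls:  # loaded into every process that maps user32.dll
                findings.append(("HIGH", line, f"AppInit_DLLs injects {len(dlls)} DLL(s): {', '.join(dlls)}"))
        elif kind in HOOK_KINDS and (rest.endswith("-") or "<orphaned>" in rest):
            findings.append(("MEDIUM", line, f"{kind} entry with no backing file (orphaned hook); cleanup candidate"))
        elif kind.endswith("Run") or kind.endswith("RunOnce"):
            for path in PATH_RE.findall(rest):
                reason = classify_autorun(path)
                if reason:
                    findings.append(("MEDIUM", line, reason))
        elif kind == "TCP" and "NameServer" in rest and "DHCPNameServer" not in rest:
            for addr in IPV4_RE.findall(rest):
                sev, why = nameserver_finding(addr)
                findings.append((sev, line, why))
        elif kind == "DPF" and "file:///" in rest.lower():
            findings.append(("LOW", line, "ActiveX download (DPF) entry pointing at a local file"))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    for sev, line, reason in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```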
 





#2 nasdaq

  • Malware Response Team

Posted 01 November 2013 - 10:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest you download these tools from a good computer to a flash drive or CD.
Copy the files to the Desktop of the problem computer and run them.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 nicholebridges

  • Topic Starter

Posted 01 November 2013 - 12:44 PM

I can't seem to disable Trend. The link in the forum says it cannot be found? I searched on the page and came up with nothing. I share Trend with 3 other computers; if I do manage to disable it, will it mess with the other computers?



#4 nasdaq

  • Malware Response Team

Posted 01 November 2013 - 01:25 PM

ComboFix may complain but leave it alone. See what happens.

#5 nicholebridges

  • Topic Starter

Posted 01 November 2013 - 02:23 PM

ComboFix didn't like it! Trend deleted the others from my computer, but I did find a way to disable it until startup. But after ComboFix restarts the computer, Trend stops it from finishing the report.

#6 nicholebridges

  • Topic Starter

Posted 01 November 2013 - 02:40 PM

Here are the reports. Still unable to download! Thank you for helping me.

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : kit [Admin rights]
Mode : Scan -- Date : 11/01/2013 14:03:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : DCERegBootClean (C:\Windows\RegBootClean.exe [7]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{077E4E53-1A7C-467B-AFFF-870D70420437} : NameServer (172.26.38.1 172.26.38.2 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{077E4E53-1A7C-467B-AFFF-870D70420437} : NameServer (172.26.38.1 172.26.38.2 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{077E4E53-1A7C-467B-AFFF-870D70420437} : NameServer (172.26.38.1 172.26.38.2 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[70] : NtCreateKey @ 0x8303B009 -> HOOKED (Unknown @ 0x85D10A54)
[Address] SSDT[74] : NtCreateMutant @ 0x8304A35A -> HOOKED (Unknown @ 0x85D0E53C)
[Address] SSDT[79] : NtCreateProcess @ 0x831161D1 -> HOOKED (Unknown @ 0x85D0DE9C)
[Address] SSDT[80] : NtCreateProcessEx @ 0x8311621C -> HOOKED (Unknown @ 0x85CF158C)
[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x8303B9D4 -> HOOKED (Unknown @ 0x85D16FD4)
[Address] SSDT[87] : NtCreateThread @ 0x83115FDA -> HOOKED (Unknown @ 0x85D0E5E4)
[Address] SSDT[88] : NtCreateThreadEx @ 0x830AA4AB -> HOOKED (Unknown @ 0x85D0E5AC)
[Address] SSDT[93] : NtCreateUserProcess @ 0x830A83DD -> HOOKED (Unknown @ 0x85CF1554)
[Address] SSDT[96] : NtDebugActiveProcess @ 0x830E7EDA -> HOOKED (Unknown @ 0x85D16E84)
[Address] SSDT[103] : NtDeleteKey @ 0x83025A58 -> HOOKED (Unknown @ 0x85D16204)
[Address] SSDT[106] : NtDeleteValueKey @ 0x83017461 -> HOOKED (Unknown @ 0x85D1615C)
[Address] SSDT[111] : NtDuplicateObject @ 0x8306B761 -> HOOKED (Unknown @ 0x85D16F9C)
[Address] SSDT[135] : NtGetContextThread @ 0x830CF15F -> HOOKED (Unknown @ 0x85D16F2C)
[Address] SSDT[155] : NtLoadDriver @ 0x82FFFC40 -> HOOKED (Unknown @ 0x85D0E574)
[Address] SSDT[190] : NtOpenProcess @ 0x8304BBA1 -> HOOKED (Unknown @ 0x85D0F5CC)
[Address] SSDT[194] : NtOpenSection @ 0x830A39FB -> HOOKED (Unknown @ 0x85D16124)
[Address] SSDT[198] : NtOpenThread @ 0x83098102 -> HOOKED (Unknown @ 0x85D0F594)
[Address] SSDT[290] : NtRenameKey @ 0x830D60EB -> HOOKED (Unknown @ 0x85D161CC)
[Address] SSDT[302] : NtRestoreKey @ 0x830CBCA2 -> HOOKED (Unknown @ 0x85D16194)
[Address] SSDT[304] : NtResumeThread @ 0x830AA6D2 -> HOOKED (Unknown @ 0x85D16EBC)
[Address] SSDT[316] : NtSetContextThread @ 0x8311784F -> HOOKED (Unknown @ 0x85D16EF4)
[Address] SSDT[350] : NtSetSystemInformation @ 0x8308837A -> HOOKED (Unknown @ 0x85D16F64)
[Address] SSDT[358] : NtSetValueKey @ 0x83044606 -> HOOKED (Unknown @ 0x85D1623C)
[Address] SSDT[368] : NtSystemDebugControl @ 0x830BF802 -> HOOKED (Unknown @ 0x85D16D1C)
[Address] SSDT[370] : NtTerminateProcess @ 0x83094D9A -> HOOKED (Unknown @ 0x85D10AC4)
[Address] SSDT[371] : NtTerminateThread @ 0x830B26CB -> HOOKED (Unknown @ 0x85D10A8C)
[Address] SSDT[399] : NtWriteVirtualMemory @ 0x83099A97 -> HOOKED (Unknown @ 0x85D0E61C)
[Address] Shadow SSDT[361] : NtUserCreateWindowEx -> HOOKED (Unknown @ 0x86B83444)
[Address] Shadow SSDT[584] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x86E281EC)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86E896A4)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF34F)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl70.bpl -> HOOKED (Unknown @ 0x33CFF33F)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK1646GSX ATA Device +++++
--- User ---
[MBR] 8f1244325aaac5d124b4ae7be98e23c3
[BSP] de409a9c3a2bc10bd361302537cc1070 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 151126 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11012013_140330.txt >>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x86
Ran by kit on Fri 11/01/2013 at 14:17:34.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-218110067-3638256474-956122285-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-us-silent_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1C79993E-B464-49BD-ADE3-141C86A6BDF1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2005ACD9-727B-38B0-19F6-BE95434160E8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EE871180-2F93-F8D2-D9F0-D4FC20ED2A5F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}


~~~ Files


~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\kit\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Users\kit\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\kit\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\kit\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Program Files\bearshare applications"
Successfully deleted: [Folder] "C:\Program Files\fighters"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\kit\appdata\local\{AA455DC4-5FB4-4C25-8868-0DCEC4A43DFB}
Successfully deleted: [Empty Folder] C:\Users\kit\appdata\local\{B70C2A64-A377-40F9-B962-BCA5B3543305}
Successfully deleted: [Empty Folder] C:\Users\kit\appdata\local\{B92A05AE-9412-4902-BE93-7333155437FD}
Successfully deleted: [Empty Folder] C:\Users\kit\appdata\local\{D8DACC3E-A9A2-40B3-BA5E-4A060588656A}
Successfully deleted: [Empty Folder] C:\Users\kit\appdata\local\{FE8AABDE-7C83-4AE8-BDF8-DD5151B9F476}
Successfully deleted: [Empty Folder] C:\Users\kit\appdata\local\{FEDD022E-32D1-419B-AFEF-E8A79D02935D}


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/01/2013 at 14:26:52.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-11-01.03 - kit 11/01/2013  15:13:32.5.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2038.1242 [GMT -4:00]
Running from: c:\users\Public\Documents\ComboFix.exe
AV: Trend Micro Titanium Antivirus+ *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Trend Micro Titanium Antivirus+ *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-01 to 2013-11-01  )))))))))))))))))))))))))))))))
.
.
2013-11-01 19:24 . 2013-11-01 19:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-01 19:24 . 2013-11-01 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-01 18:17 . 2013-11-01 18:17 -------- d-----w- c:\windows\ERUNT
2013-11-01 18:05 . 2013-11-01 18:09 -------- d-----w- C:\AdwCleaner
2013-10-30 21:46 . 2013-10-30 21:48 -------- d-----w- c:\users\Kids
2013-10-29 14:41 . 2013-10-29 14:41 -------- d--h--w- c:\windows\PIF
2013-10-29 12:55 . 2013-11-01 19:08 -------- d-----w- C:\New folder (2)
2013-10-29 00:46 . 2013-11-01 17:15 209432 ----a-w- c:\windows\RegBootClean.exe
2013-10-29 00:29 . 2013-10-29 00:29 -------- d-----w- C:\TMRescueDisk
2013-10-29 00:27 . 2013-06-13 06:35 85280 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2013-10-29 00:27 . 2013-05-22 15:37 282272 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2013-10-29 00:27 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2013-10-29 00:27 . 2013-09-04 06:23 102904 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2013-10-29 00:27 . 2013-09-04 06:20 83352 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2013-10-29 00:27 . 2013-09-04 06:12 288840 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-10-29 00:27 . 2013-07-01 13:08 40736 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2013-10-29 00:23 . 2013-10-29 00:23 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-10-29 00:20 . 2013-10-29 00:22 -------- d-----w- c:\program files\Trend Micro
2013-10-29 00:20 . 2013-11-01 17:56 -------- d-----w- c:\programdata\Trend Micro
2013-10-29 00:06 . 2013-10-29 00:28 -------- d-----w- c:\users\kit\AppData\Local\Trend Micro
2013-10-25 21:19 . 2013-10-25 21:20 -------- d-----w- c:\program files\Speccy
2013-10-25 15:14 . 2013-10-25 15:14 -------- d-----w- c:\users\kit\AppData\Local\Programs
2013-10-25 13:12 . 2013-10-25 13:12 -------- d-----w- c:\program files\Microsoft.NET
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-10-22 19:12 . 2013-10-22 19:12 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-10-22 19:11 . 2013-10-22 19:12 -------- d-----w- c:\program files\QuickTime
2013-10-22 19:11 . 2013-10-22 19:11 -------- d-----w- c:\programdata\Apple Computer
2013-10-21 22:38 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2013-10-21 22:38 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2013-10-21 22:38 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-10-21 22:38 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-10-21 22:38 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-10-21 22:38 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-10-21 22:38 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-10-21 22:38 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2013-10-21 22:38 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-10-21 22:38 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-10-21 22:37 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-10-21 22:37 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-10-21 22:37 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-10-21 22:37 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-10-21 22:37 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-10-21 22:37 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2013-10-21 22:37 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-10-21 22:37 . 2013-09-14 00:48 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-10-21 22:37 . 2013-09-08 02:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-21 22:37 . 2013-09-08 02:03 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-10-21 22:37 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-10-21 22:37 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-10-21 22:29 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-10-21 22:29 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-10-21 22:29 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-10-19 13:35 . 2013-10-19 13:35 -------- d-----w- c:\windows\system32\Extensions
2013-10-19 13:35 . 2013-10-19 13:35 -------- d-----w- c:\windows\system32\searchplugins
2013-10-17 13:29 . 2013-10-17 13:29 -------- d-----w- c:\users\kit\AppData\Local\Windows Live Writer
2013-10-17 13:29 . 2013-10-17 13:29 -------- d-----w- c:\users\kit\AppData\Roaming\Windows Live Writer
2013-10-08 22:15 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-10-08 22:14 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-08 22:14 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-07 20:47 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-10-07 19:40 . 2013-10-07 19:40 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-10-07 19:35 . 2013-10-07 19:35 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-10-05 21:53 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-10-05 21:53 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-05 21:53 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-10-04 23:55 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-04 23:55 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-10-04 23:55 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-10-04 23:55 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 23:55 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-10-04 23:53 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-10-04 23:53 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-10-04 23:53 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-10-04 23:53 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-10-04 23:52 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-10-04 23:52 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-10-04 23:52 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-10-04 23:52 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-10-04 23:52 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-10-04 23:52 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-19 15:22 . 2010-10-12 15:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-10-19 15:22 . 2010-10-12 15:20 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-10-19 15:22 . 2010-10-12 15:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-10-08 21:54 . 2012-06-25 13:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 21:54 . 2012-06-25 13:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-05 00:24 . 2010-10-28 14:42 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-05 00:24 . 2010-10-28 14:42 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-10-05 00:24 . 2010-10-28 14:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-10-05 00:23 . 2010-10-28 14:41 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-09-28 12:21 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-09-26 19:47 . 2011-03-28 22:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-25 18:57 . 2010-10-12 15:20 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-08-20 11:02 . 2013-08-20 11:02 84248 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-08-20 11:02 . 2013-08-20 11:02 182680 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-07-05 15:13 . 2011-07-05 15:13 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\kit\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\kit\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\kit\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\kit\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"pcreg"="c:\program files\wrapper_inst\service.exe" [2013-09-24 346720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-07-23 136600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-09-28 280576]
.
c:\users\kit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\kit\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-10 29768376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 776744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^kit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^kit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^kit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-07-05 15:13 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe"  -osboot
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 pcregservice;pcregservice Service;c:\program files\wrapper_inst\file_to_run.exe [2013-09-24 25088]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-01-25 14336]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-01-25 20864]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-01-25 19968]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-01-25 24960]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-08-20 84248]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 esgiguard;esgiguard; [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-05 30192]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 9472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 spotJ;Spot Software GPS USB Driver (spotJ);c:\windows\system32\Drivers\spotJ32.sys [2007-05-27 36608]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-08-20 182680]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-08-12 222720]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-07-22 148992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-18 1343400]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC32.sys [2013-07-01 40736]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2013-09-04 83352]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [2013-06-13 85280]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [2013-05-22 282272]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2011-03-24 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 21:54]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-02 16:42]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-02 16:42]
.
2013-11-01 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2010-12-20 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
Trusted Zone: facebook.com
Trusted Zone: facebook.com\apps
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{077E4E53-1A7C-467B-AFFF-870D70420437}: NameServer = 172.26.38.1 172.26.38.2
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-218110067-3638256474-956122285-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-218110067-3638256474-956122285-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3656)
c:\windows\system32\btmmhook.dll
.
Completion time: 2013-11-01  15:28:30
ComboFix-quarantined-files.txt  2013-11-01 19:28
ComboFix2.txt  2013-11-01 18:56
ComboFix3.txt  2013-10-24 20:15
ComboFix4.txt  2013-09-07 22:52
ComboFix5.txt  2013-11-01 19:10
.
Pre-Run: 95,186,620,416 bytes free
Post-Run: 95,133,184,000 bytes free
.
- - End Of File - - 50FA3D3F33BB3D2072471CCD19A06293
A36C5E4F47E84449FF07ED3517B43A31

#7 nicholebridges

  • Topic Starter

  • Members
  • 11 posts
  • Gender:Female
  • Location:Traverse City Mi

Posted 01 November 2013 - 04:58 PM

Ok, so I just created a different user account on my computer. Out of curiosity I tried to download the same file I tried to download from my other account and it worked! But it will not work on my old account. So how do I fix that?



#8 nasdaq


  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 November 2013 - 06:59 AM

This Microsoft article may help to recreate your account.

Fix a corrupted user profile
http://windows.microsoft.com/en-CA/windows7/fix-a-corrupted-user-profile

You may also ask for advice in the Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html
before proceeding.

===

When all is well:
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===
