
Posts posted by evie5

  1. Mbam log:

    Malwarebytes Anti-Malware 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.07.01.01

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Kayla :: KAYLA-PC [administrator]

    7/2/2012 8:29:30 PM

    mbam-log-2012-07-02 (20-29-30).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 208221

    Time elapsed: 2 minute(s), 35 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:40:58 PM, on 7/2/2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16446)

    Boot mode: Normal

    Running processes:

    C:\Users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\Kayla\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/?.lts=1340941870

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - Startup: Dropbox.lnk = C:\Users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager (mitsijm2012) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --

    End of file - 8137 bytes

    No problems to report.

    Computer seems to be doing fine.

  2. No problems that I can see.

    Computer seems to be running fine.

    ComboFix report:

    ComboFix 12-07-02.01 - Kayla 07/02/2012 11:32:28.4.2 - x64

    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3003.1928 [GMT -7:00]

    Running from: c:\users\Kayla\Downloads\ComboFix.exe

    Command switches used :: c:\users\Kayla\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-02 18:39 . 2012-07-02 18:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

    2012-07-02 18:39 . 2012-07-02 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-02 07:06 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EB0BD1C-45CA-421C-A585-1D291CDA0323}\mpengine.dll

    2012-07-01 22:59 . 2012-07-01 22:59 -------- d-----w- c:\windows\system32\appmgmt

    2012-07-01 18:03 . 2012-07-01 18:03 -------- d-----w- C:\_OTL

    2012-07-01 02:56 . 2012-07-01 02:56 -------- d-----w- c:\users\Kayla\AppData\Roaming\Malwarebytes

    2012-07-01 02:32 . 2012-07-01 02:32 -------- d-----w- c:\programdata\Malwarebytes

    2012-07-01 02:32 . 2012-07-01 02:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-07-01 02:32 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-01 02:30 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-07-01 02:13 . 2012-07-01 02:13 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

    2012-07-01 02:13 . 2012-07-01 02:13 624608 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

    2012-07-01 02:13 . 2012-07-01 02:13 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

    2012-07-01 02:13 . 2012-07-01 02:13 43488 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

    2012-07-01 02:13 . 2012-07-01 02:13 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

    2012-07-01 02:13 . 2012-07-01 02:13 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

    2012-07-01 02:13 . 2012-07-01 02:13 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

    2012-06-24 07:08 . 2012-06-24 07:08 -------- d-----w- c:\users\Kayla\AppData\Local\CRE

    2012-06-24 05:57 . 2012-06-24 05:57 -------- d-----w- c:\users\Kayla\AppData\Local\Macromedia

    2012-06-22 20:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-22 20:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-22 20:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-22 20:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-22 20:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-22 20:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-22 20:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-22 20:07 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-22 20:07 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-22 19:58 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-22 19:58 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-06-22 19:58 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

    2012-06-22 19:58 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

    2012-06-22 19:58 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

    2012-06-22 19:58 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

    2012-06-19 19:11 . 2012-05-19 05:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-06-19 19:11 . 2012-05-19 05:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A26C7AB5-F5D8-4C18-9632-5C69FB938EDD}\gapaengine.dll

    2012-06-19 19:09 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-06-19 19:09 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-19 19:09 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-06-19 19:09 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-19 19:09 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-06-19 19:09 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-06-19 19:09 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-06-19 19:09 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

    2012-06-19 19:09 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll

    2012-06-19 19:09 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-19 19:08 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

    2012-06-19 19:08 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

    2012-06-19 19:07 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-19 19:07 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-06-19 19:07 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-19 19:07 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-19 19:07 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-06-19 19:07 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-24 03:21 . 2012-05-09 06:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-06-24 03:21 . 2011-05-27 03:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-06-24 03:21 . 2012-05-09 06:21 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

    2012-05-08 17:02 . 2012-05-19 01:25 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52E4EB11-C895-440F-AE3E-78B346A4F484}\mpengine.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-07-02_06.44.49 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2010-09-02 05:00 . 2012-07-02 18:18 34212 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-07-02 18:18 41418 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2010-09-02 04:33 . 2012-07-02 18:18 14674 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1783078124-2200932548-1119874748-1000_UserData.bin

    + 2009-07-14 04:46 . 2012-07-02 18:21 79768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

    + 2010-09-10 04:13 . 2012-07-02 07:37 3562 c:\windows\system32\wdi\ERCQueuedResolutions.dat

    - 2012-07-02 06:26 . 2012-07-02 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-07-02 18:40 . 2012-07-02 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-07-02 06:26 . 2012-07-02 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-07-02 18:40 . 2012-07-02 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-07-14 05:01 . 2012-07-02 06:25 447240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-07-02 18:39 447240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2011-04-30 08:17 . 2012-07-02 18:39 36059812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1783078124-2200932548-1119874748-1000-8192.dat

    - 2011-04-30 08:17 . 2012-07-02 06:25 36059812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1783078124-2200932548-1119874748-1000-8192.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]

    .

    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    .

    c:\users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]

    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-31 1431888]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-01 113120]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-02 1255736]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

    S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-08 848184]

    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-12 292864]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 03:21]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 97792 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 97792 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 97792 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://att.my.yahoo.com/?.lts=1340941870

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    .

    **************************************************************************

    .

    Completion time: 2012-07-02 11:51:04 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-02 18:51

    ComboFix2.txt 2012-07-02 07:36

    ComboFix3.txt 2012-07-02 06:48

    .

    Pre-Run: 163,386,945,536 bytes free

    Post-Run: 162,958,364,672 bytes free

    .

    - - End Of File - - 1EE281533B90669F65349F8B70845074

  3. No problems that I can see!

    ComboFix log:

    ComboFix 12-07-01.04 - Kayla 07/02/2012 0:19.3.2 - x64

    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3003.1898 [GMT -7:00]

    Running from: c:\users\Kayla\Downloads\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-02 07:25 . 2012-07-02 07:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

    2012-07-02 07:25 . 2012-07-02 07:25 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-02 07:06 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EB0BD1C-45CA-421C-A585-1D291CDA0323}\mpengine.dll

    2012-07-01 22:59 . 2012-07-01 22:59 -------- d-----w- c:\windows\system32\appmgmt

    2012-07-01 18:03 . 2012-07-01 18:03 -------- d-----w- C:\_OTL

    2012-07-01 02:56 . 2012-07-01 02:56 -------- d-----w- c:\users\Kayla\AppData\Roaming\Malwarebytes

    2012-07-01 02:32 . 2012-07-01 02:32 -------- d-----w- c:\programdata\Malwarebytes

    2012-07-01 02:32 . 2012-07-01 02:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-07-01 02:32 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-01 02:30 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-07-01 02:13 . 2012-07-01 02:13 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

    2012-07-01 02:13 . 2012-07-01 02:13 624608 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

    2012-07-01 02:13 . 2012-07-01 02:13 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

    2012-07-01 02:13 . 2012-07-01 02:13 43488 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

    2012-07-01 02:13 . 2012-07-01 02:13 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

    2012-07-01 02:13 . 2012-07-01 02:13 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

    2012-07-01 02:13 . 2012-07-01 02:13 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

    2012-06-24 07:08 . 2012-06-24 07:08 -------- d-----w- c:\users\Kayla\AppData\Local\CRE

    2012-06-24 05:57 . 2012-06-24 05:57 -------- d-----w- c:\users\Kayla\AppData\Local\Macromedia

    2012-06-22 20:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-22 20:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-22 20:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-22 20:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-22 20:08 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-22 20:08 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-22 20:08 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-22 20:07 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-22 20:07 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-22 19:58 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-22 19:58 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-06-22 19:58 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

    2012-06-22 19:58 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

    2012-06-22 19:58 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

    2012-06-22 19:58 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

    2012-06-19 19:11 . 2012-05-19 05:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-06-19 19:11 . 2012-05-19 05:00 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A26C7AB5-F5D8-4C18-9632-5C69FB938EDD}\gapaengine.dll

    2012-06-19 19:09 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-06-19 19:09 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-06-19 19:09 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-06-19 19:09 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

    2012-06-19 19:09 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-06-19 19:09 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-06-19 19:09 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-06-19 19:09 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

    2012-06-19 19:09 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll

    2012-06-19 19:09 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-06-19 19:08 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

    2012-06-19 19:08 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

    2012-06-19 19:07 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

    2012-06-19 19:07 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

    2012-06-19 19:07 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-06-19 19:07 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-19 19:07 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2012-06-19 19:07 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-24 03:21 . 2012-05-09 06:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-06-24 03:21 . 2011-05-27 03:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-06-24 03:21 . 2012-05-09 06:21 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

    2012-05-08 17:02 . 2012-05-19 01:25 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52E4EB11-C895-440F-AE3E-78B346A4F484}\mpengine.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-07-02_06.44.49 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2010-09-02 05:00 . 2012-07-02 07:06 33818 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-07-02 07:06 41354 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2010-09-02 04:33 . 2012-07-02 07:06 14406 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1783078124-2200932548-1119874748-1000_UserData.bin

    - 2010-09-02 04:33 . 2012-07-01 23:21 14406 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1783078124-2200932548-1119874748-1000_UserData.bin

    - 2012-07-02 06:26 . 2012-07-02 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-07-02 07:26 . 2012-07-02 07:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-07-02 06:26 . 2012-07-02 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-07-02 07:26 . 2012-07-02 07:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-07-14 05:01 . 2012-07-02 06:25 447240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-07-02 07:25 447240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2011-04-30 08:17 . 2012-07-02 07:25 36059812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1783078124-2200932548-1119874748-1000-8192.dat

    - 2011-04-30 08:17 . 2012-07-02 06:25 36059812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1783078124-2200932548-1119874748-1000-8192.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]

    .

    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    .

    c:\users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]

    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-31 1431888]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-01 113120]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-02 1255736]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

    S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-08 848184]

    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-12 292864]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 03:21]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 97792 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 97792 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 97792 ----a-w- c:\users\Kayla\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://att.my.yahoo.com/?.lts=1340941870

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    .

    **************************************************************************

    .

    Completion time: 2012-07-02 00:36:26 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-07-02 07:36

    ComboFix2.txt 2012-07-02 06:48

    .

    Pre-Run: 163,684,327,424 bytes free

    Post-Run: 163,384,020,992 bytes free

    .

    - - End Of File - - AD22DC57FDA3C84D03B45AF5055AB889

  4. IE opens to msn.com now :)

    OTL report:

    ========== OTL ==========

    HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

    ========== FILES ==========

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Users\Kayla\Downloads\cmd.bat deleted successfully.

    C:\Users\Kayla\Downloads\cmd.txt deleted successfully.

    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Kayla

    User: Public

    Total Java Files Cleaned = 0.00 mb

    [EMPTYFLASH]

    User: All Users

    User: Default

    ->Flash cache emptied: 56504 bytes

    User: Default User

    ->Flash cache emptied: 0 bytes

    User: Kayla

    ->Flash cache emptied: 106870 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    OTL by OldTimer - Version 3.2.53.0 log created on 07012012_215509

    You folks have been great the two times I've had to ask for help. A little donation is on the way :)

  5. OTL:

    OTL logfile created on: 7/1/2012 8:12:07 PM - Run 2

    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Kayla\Downloads

    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 59.47% Memory free

    5.86 Gb Paging File | 4.67 Gb Available in Paging File | 79.67% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 221.90 Gb Total Space | 153.26 Gb Free Space | 69.07% Space Free | Partition Type: NTFS

    Drive D: | 10.88 Gb Total Space | 1.83 Gb Free Space | 16.79% Space Free | Partition Type: NTFS

    Computer Name: KAYLA-PC | User Name: Kayla | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Kayla\Downloads\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe (Yahoo! Inc.)

    PRC - C:\Users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

    ========== Modules (No Company Name) ==========

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)

    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

    SRV:64bit: - (mitsijm2012) -- C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe (Autodesk, Inc.)

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

    SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)

    SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

    DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)

    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )

    DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)

    DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)

    DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)

    DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)

    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.)

    DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)

    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 6F B9 0A 00 6D CB 01 [binary data]

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"

    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"

    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"

    FF - prefs.js..browser.search.selectedEngine: "Google"

    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"

    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.0.20100901020224

    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kayla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/30 19:13:41 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/27 18:37:57 | 000,000,000 | ---D | M]

    [2010/09/01 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kayla\AppData\Roaming\Mozilla\Extensions

    [2012/07/01 11:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions

    [2012/05/18 21:51:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    [2012/06/30 20:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2011/01/18 00:05:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

    [2012/06/30 19:13:40 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012/06/30 19:13:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2012/06/30 19:13:33 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

    O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - Startup: C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O1364bit: - gopher Prefix: missing

    O13 - gopher Prefix: missing

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63AE9814-EB7B-4B6D-8F8F-DF0F2D7269C9}: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7637A76A-83BF-44CA-9BFB-8C877A08E3A4}: DhcpNameServer = 192.168.1.1

    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2012/03/30 22:46:40 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/01 15:59:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

    [2012/07/01 11:03:56 | 000,000,000 | ---D | C] -- C:\_OTL

    [2012/06/30 19:56:11 | 000,000,000 | ---D | C] -- C:\Users\Kayla\AppData\Roaming\Malwarebytes

    [2012/06/30 19:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/06/30 19:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/06/30 19:32:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2012/06/30 19:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2012/06/30 19:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

    [2012/06/30 19:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

    [2012/06/24 00:08:52 | 000,000,000 | ---D | C] -- C:\Users\Kayla\AppData\Local\CRE

    [2012/06/23 22:57:55 | 000,000,000 | ---D | C] -- C:\Users\Kayla\AppData\Local\Macromedia

    [2012/06/22 13:08:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

    [2012/06/22 13:08:41 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

    [2012/06/22 13:08:41 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

    [2012/06/22 13:08:11 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

    [2012/06/22 13:08:10 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

    [2012/06/22 13:08:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

    [2012/06/22 13:07:48 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

    [2012/06/22 13:07:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

    [2012/06/22 12:59:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

    [2012/06/22 12:59:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

    [2012/06/22 12:59:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

    [2012/06/22 12:59:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

    [2012/06/22 12:59:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

    [2012/06/22 12:59:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

    [2012/06/22 12:59:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

    [2012/06/22 12:59:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

    [2012/06/22 12:59:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

    [2012/06/22 12:59:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

    [2012/06/22 12:58:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

    [2012/06/22 12:58:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

    [2012/06/22 12:58:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

    [2012/06/19 12:09:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

    [2012/06/19 12:09:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

    [2012/06/19 12:09:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

    [2012/06/19 12:09:10 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

    [2012/06/19 12:09:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

    [2012/06/19 12:09:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

    [2012/06/19 12:09:00 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

    [2012/06/19 12:08:55 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

    [2012/06/19 12:07:50 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

    [2012/06/19 12:07:46 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

    [1 C:\Users\Kayla\Documents\*.tmp files -> C:\Users\Kayla\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/01 20:01:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/07/01 20:01:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012/07/01 16:18:51 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/07/01 16:18:51 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/07/01 16:11:26 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys

    [2012/06/30 19:32:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/06/24 14:21:44 | 000,782,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2012/06/24 14:21:44 | 000,662,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2012/06/24 14:21:44 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2012/06/24 00:08:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\f6997331c130273b4c9f3d018ea341eb_c

    [2012/06/23 20:21:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

    [2012/06/23 20:21:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    [2012/06/23 20:21:18 | 009,815,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    [2012/06/23 19:40:01 | 000,516,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2012/06/02 15:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

    [2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

    [2012/06/02 15:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

    [2012/06/02 15:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

    [2012/06/02 15:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

    [2012/06/02 15:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

    [2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

    [2012/06/02 15:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

    [1 C:\Users\Kayla\Documents\*.tmp files -> C:\Users\Kayla\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/30 19:32:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/06/24 00:08:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\f6997331c130273b4c9f3d018ea341eb_c

    [2011/01/28 10:48:18 | 000,796,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2010/10/15 18:30:41 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== Custom Scans ==========

    <

    %TEMP%\smtmp\*.* /s

    >

    Invalid Switch: indent]

    < End of report >

  6. Excellent! It looks like the Whitesmoke toolbar is gone - when I check my list of toolbars in Firefox, Whitesmoke is no longer there. Also, when I open the browser, I no longer get redirected to an error page. I don't really use the other browsers (Chrome, IE) so I didn't check those - not sure what to look for.

    Here's the OTL report:

    ========== OTL ==========

    Registry value HKEY_USERS\S-1-5-21-1783078124-2200932548-1119874748-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cce665dd-f6dd-4808-968e-eaec971f70ef} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cce665dd-f6dd-4808-968e-eaec971f70ef}\ not found.

    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-1783078124-2200932548-1119874748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{11352A67-0178-46B1-8855-D50B2F81C054} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11352A67-0178-46B1-8855-D50B2F81C054}\ not found.

    Registry value HKEY_USERS\S-1-5-21-1783078124-2200932548-1119874748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCE665DD-F6DD-4808-968E-EAEC971F70EF} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}\ not found.

    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

    File Protocol\Handler\ms-help - No CLSID value found not found.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

    File Protocol\Handler\skype4com - No CLSID value found not found.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.

    File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.

    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

    Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.

    Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33524C00-63FB-43DB-A6BF-0A4E14B24649}\ not found.

    HKEY_USERS\S-1-5-21-1783078124-2200932548-1119874748-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

    Registry key HKEY_USERS\S-1-5-21-1783078124-2200932548-1119874748-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A1A488B-5A27-46F1-818F-944D2A4DCF3F}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A1A488B-5A27-46F1-818F-944D2A4DCF3F}\ not found.

    Prefs.js: "http://search.conduit.com/ctid=CT3198785&SearchSource=13" removed from browser.startup.homepage

    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=" removed from keyword.URL

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\lib folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults\preferences folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\skin folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\sl folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\lib folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\core folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\resources folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\img folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\script folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\resources folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\Css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\images folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\img folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\404 folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\img folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\img folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gadgetFrame folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd\images folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js\resources folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\images folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\myStuffDialogs folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js\resources folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\api folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\res folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\img folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\css folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\js folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\images folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} folder moved successfully.

    C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\searchplugins\conduit.xml moved successfully.

    C:\ProgramData\BasicScan folder moved successfully.

    C:\Program Files (x86)\BasicScan folder moved successfully.

    C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.

    C:\Program Files (x86)\Conduit folder moved successfully.

    C:\Users\Kayla\AppData\Local\Conduit folder moved successfully.

    OTL by OldTimer - Version 3.2.53.0 log created on 07012012_110356

  7. Thanks for your help, Gringo.

    checkup:

    Results of screen317's Security Check version 0.99.42

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Microsoft Security Essentials

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.61.0.1400

    Adobe Reader 9 Adobe Reader out of Date!

    Mozilla Firefox (13.0.1)

    Google Chrome 19.0.1084.56

    Google Chrome 20.0.1132.47

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 1%

    ````````````````````End of Log``````````````````````

    OTL:

    OTL logfile created on: 7/1/2012 1:50:09 AM - Run 1

    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Kayla\Downloads

    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 58.77% Memory free

    5.86 Gb Paging File | 4.60 Gb Available in Paging File | 78.37% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 221.90 Gb Total Space | 151.98 Gb Free Space | 68.49% Space Free | Partition Type: NTFS

    Drive D: | 10.88 Gb Total Space | 1.83 Gb Free Space | 16.79% Space Free | Partition Type: NTFS

    Computer Name: KAYLA-PC | User Name: Kayla | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Kayla\Downloads\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    PRC - C:\Users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    PRC - C:\Users\Kayla\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)

    PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)

    PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

    MOD - C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll ()

    MOD - C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll ()

    MOD - C:\Program Files (x86)\Notepad++\plugins\NppExport.dll ()

    MOD - C:\Program Files (x86)\Notepad++\plugins\Config\tidy\libTidy.dll ()

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)

    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

    SRV:64bit: - (mitsijm2012) -- C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe (Autodesk, Inc.)

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

    SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)

    SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

    DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)

    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )

    DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)

    DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)

    DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)

    DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)

    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.)

    DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)

    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKU\.DEFAULT\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3198785

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 6F B9 0A 00 6D CB 01 [binary data]

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - No CLSID value found

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\SearchScopes\{5A1A488B-5A27-46F1-818F-944D2A4DCF3F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8

    IE - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"

    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="

    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"

    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"

    FF - prefs.js..browser.search.selectedEngine: "Google"

    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/ctid=CT3198785&SearchSource=13"

    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.0.20100901020224

    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kayla\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kayla\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kayla\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kayla\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kayla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/30 19:13:41 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/27 18:37:57 | 000,000,000 | ---D | M]

    [2010/09/01 21:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kayla\AppData\Roaming\Mozilla\Extensions

    [2012/06/30 19:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions

    [2012/05/18 21:51:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    [2012/06/26 08:11:09 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}

    [2012/06/24 12:51:02 | 000,000,917 | ---- | M] () -- C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\searchplugins\conduit.xml

    [2012/06/30 20:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2011/01/18 00:05:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

    [2012/06/30 19:13:40 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012/06/30 19:13:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2012/06/30 19:13:33 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Users\Kayla\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kayla\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kayla\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kayla\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kayla\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

    CHR - plugin: Unity Player (Enabled) = C:\Users\Kayla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

    CHR - plugin: Google Update (Enabled) = C:\Users\Kayla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    CHR - Extension: Entanglement = C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

    CHR - Extension: Poppit = C:\Users\Kayla\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

    O3 - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\Toolbar\WebBrowser: (no name) - {11352A67-0178-46B1-8855-D50B2F81C054} - No CLSID value found.

    O3 - HKU\S-1-5-21-1783078124-2200932548-1119874748-1000\..\Toolbar\WebBrowser: (no name) - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No CLSID value found.

    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

    O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

    O4 - Startup: C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O1364bit: - gopher Prefix: missing

    O13 - gopher Prefix: missing

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63AE9814-EB7B-4B6D-8F8F-DF0F2D7269C9}: DhcpNameServer = 192.168.1.254

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7637A76A-83BF-44CA-9BFB-8C877A08E3A4}: DhcpNameServer = 192.168.1.1

    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2012/03/30 22:46:40 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/30 19:56:11 | 000,000,000 | ---D | C] -- C:\Users\Kayla\AppData\Roaming\Malwarebytes

    [2012/06/30 19:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/06/30 19:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/06/30 19:32:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2012/06/30 19:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2012/06/30 19:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

    [2012/06/30 19:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

    [2012/06/24 00:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BasicScan

    [2012/06/24 00:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BasicScan

    [2012/06/24 00:08:52 | 000,000,000 | ---D | C] -- C:\Users\Kayla\AppData\Local\CRE

    [2012/06/24 00:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

    [2012/06/24 00:08:29 | 000,000,000 | ---D | C] -- C:\Users\Kayla\AppData\Local\Conduit

    [2012/06/23 22:57:55 | 000,000,000 | ---D | C] -- C:\Users\Kayla\AppData\Local\Macromedia

    [2012/06/22 13:08:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

    [2012/06/22 13:08:41 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

    [2012/06/22 13:08:41 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

    [2012/06/22 13:08:11 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

    [2012/06/22 13:08:10 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

    [2012/06/22 13:08:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

    [2012/06/22 13:07:48 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

    [2012/06/22 13:07:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

    [2012/06/22 12:59:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

    [2012/06/22 12:59:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

    [2012/06/22 12:59:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

    [2012/06/22 12:59:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

    [2012/06/22 12:59:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

    [2012/06/22 12:59:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

    [2012/06/22 12:59:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

    [2012/06/22 12:59:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

    [2012/06/22 12:59:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

    [2012/06/22 12:59:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

    [2012/06/22 12:58:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

    [2012/06/22 12:58:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

    [2012/06/22 12:58:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

    [2012/06/19 12:09:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

    [2012/06/19 12:09:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

    [2012/06/19 12:09:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

    [2012/06/19 12:09:10 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

    [2012/06/19 12:09:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

    [2012/06/19 12:09:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

    [2012/06/19 12:09:00 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

    [2012/06/19 12:08:55 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

    [2012/06/19 12:07:50 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

    [2012/06/19 12:07:46 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

    [1 C:\Users\Kayla\Documents\*.tmp files -> C:\Users\Kayla\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/01 01:52:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1783078124-2200932548-1119874748-1000UA.job

    [2012/07/01 01:38:58 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/07/01 01:38:58 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/07/01 01:31:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/07/01 01:31:34 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys

    [2012/07/01 01:21:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012/06/30 19:32:29 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/06/26 08:52:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1783078124-2200932548-1119874748-1000Core.job

    [2012/06/24 14:21:44 | 000,782,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2012/06/24 14:21:44 | 000,662,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2012/06/24 14:21:44 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2012/06/24 00:08:55 | 000,000,000 | ---- | M] () -- C:\ProgramData\f6997331c130273b4c9f3d018ea341eb_c

    [2012/06/23 20:21:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

    [2012/06/23 20:21:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    [2012/06/23 20:21:18 | 009,815,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    [2012/06/23 19:40:01 | 000,516,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2012/06/02 15:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

    [2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

    [2012/06/02 15:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

    [2012/06/02 15:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

    [2012/06/02 15:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

    [2012/06/02 15:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

    [2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

    [2012/06/02 15:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

    [2012/06/01 18:16:46 | 000,001,011 | ---- | M] () -- C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    [2012/06/01 18:16:24 | 000,000,979 | ---- | M] () -- C:\Users\Kayla\Desktop\Dropbox.lnk

    [1 C:\Users\Kayla\Documents\*.tmp files -> C:\Users\Kayla\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/30 19:32:29 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2012/06/24 00:08:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\f6997331c130273b4c9f3d018ea341eb_c

    [2011/01/28 10:48:18 | 000,796,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2010/10/15 18:30:41 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== Custom Scans ==========

    <

    %TEMP%\smtmp\*.* /s

    >

    Invalid Switch: indent]

    < End of report >

  8. Hi! My laptop's been infected with the Whitesmoke Toolbar and I can't get rid of it. Thanks for your assistance!

    DDS.txt:

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Kayla at 20:11:30 on 2012-06-30

    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3003.1683 [GMT -7:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k HsfXAudioService

    C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe

    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Users\Kayla\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

    C:\Users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Users\Kayla\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Windows\system32\sppsvc.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785

    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

    uURLSearchHooks: H - No File

    mWinlogon: Userinit=userinit.exe,

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

    TB: {11352A67-0178-46B1-8855-D50B2F81C054} - No File

    TB: {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No File

    uRun: [Google Update] "C:\Users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    StartupFolder: C:\Users\Kayla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kayla\AppData\Roaming\Dropbox\bin\Dropbox.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{63AE9814-EB7B-4B6D-8F8F-DF0F2D7269C9} : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{7637A76A-83BF-44CA-9BFB-8C877A08E3A4} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{7637A76A-83BF-44CA-9BFB-8C877A08E3A4}\8403634363 : DhcpNameServer = 192.168.1.1 68.238.64.12

    TCP: Interfaces\{7637A76A-83BF-44CA-9BFB-8C877A08E3A4}\94653475F544144514 : DhcpNameServer = 10.161.252.1 10.161.252.4 10.161.252.2 10.161.252.5 10.161.252.6

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

    BHO-X64: 0x1 - No File

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO-X64: SkypeIEPluginBHO - No File

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

    TB-X64: {11352A67-0178-46B1-8855-D50B2F81C054} - No File

    TB-X64: {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No File

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/ctid=CT3198785&SearchSource=13

    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

    FF - component: C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Users\Kayla\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: C:\Users\Kayla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

    FF - plugin: C:\Users\Kayla\AppData\Roaming\Mozilla\Firefox\Profiles\riaqwyzk.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll

    FF - plugin: C:\Users\Kayla\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    FF - plugin: C:\Users\Kayla\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

    R2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-7 848184]

    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-8 250056]

    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-3-30 1431888]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-30 113120]

    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

    .

    =============== File Associations ===============

    .

    .scr=DWGTrueViewScriptFile

    .

    =============== Created Last 30 ================

    .

    2012-07-01 02:56:11 -------- d-----w- C:\Users\Kayla\AppData\Roaming\Malwarebytes

    2012-07-01 02:32:23 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-07-01 02:32:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-07-01 02:32:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-07-01 02:30:59 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC72F599-AC83-4CE1-968D-6414AD4B9DEA}\mpengine.dll

    2012-07-01 02:13:46 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

    2012-07-01 02:13:38 624608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

    2012-07-01 02:13:37 43488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

    2012-07-01 02:13:37 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

    2012-07-01 02:13:37 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

    2012-07-01 02:13:36 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

    2012-07-01 02:13:36 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

    2012-06-29 04:06:10 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-06-24 07:09:27 -------- d-----w- C:\ProgramData\BasicScan

    2012-06-24 07:09:27 -------- d-----w- C:\Program Files (x86)\BasicScan

    2012-06-24 07:08:52 -------- d-----w- C:\Users\Kayla\AppData\Local\CRE

    2012-06-24 07:08:40 -------- d-----w- C:\Program Files (x86)\Blinkx

    2012-06-24 07:08:34 -------- d-----w- C:\Program Files (x86)\Conduit

    2012-06-24 07:08:29 -------- d-----w- C:\Users\Kayla\AppData\Local\Conduit

    2012-06-24 05:57:55 -------- d-----w- C:\Users\Kayla\AppData\Local\Macromedia

    2012-06-22 20:08:41 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-06-22 20:08:10 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-06-22 20:07:48 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-06-22 20:07:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-22 19:58:59 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-06-22 19:58:59 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-06-22 19:58:58 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

    2012-06-22 19:58:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

    2012-06-22 19:58:57 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

    2012-06-22 19:58:56 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

    2012-06-19 19:11:24 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-06-19 19:11:24 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A26C7AB5-F5D8-4C18-9632-5C69FB938EDD}\gapaengine.dll

    2012-06-19 19:09:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-06-19 19:09:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-06-19 19:09:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-06-19 19:09:13 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-06-19 19:09:10 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-06-19 19:09:07 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-06-19 19:09:06 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-06-19 19:09:03 3146752 ----a-w- C:\Windows\System32\win32k.sys

    2012-06-19 19:09:00 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-06-19 19:09:00 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

    2012-06-19 19:08:55 3216384 ----a-w- C:\Windows\System32\msi.dll

    2012-06-19 19:08:54 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

    2012-06-19 19:07:50 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-06-19 19:07:48 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-06-19 19:07:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-06-19 19:07:46 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-06-19 19:07:46 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-06-19 19:07:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    .

    ==================== Find3M ====================

    .

    2012-06-24 03:21:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-06-24 03:21:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-06-24 03:21:18 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    .

    ============= FINISH: 20:12:45.80 ===============

    Attach.txt:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Enterprise

    Boot Device: \Device\HarddiskVolume1

    Install Date: 9/1/2010 9:26:27 PM

    System Uptime: 6/30/2012 8:05:26 PM (0 hours ago)

    .

    Motherboard: Wistron | | 3612

    Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | CPU | 996/667mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 222 GiB total, 152.773 GiB free.

    D: is FIXED (NTFS) - 11 GiB total, 1.827 GiB free.

    E: is CDROM ()

    F: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP345: 6/9/2012 8:08:07 PM - Windows Update

    RP346: 6/19/2012 12:09:50 PM - Windows Update

    RP347: 6/22/2012 12:57:36 PM - Windows Update

    RP348: 6/23/2012 7:44:15 PM - Windows Update

    RP349: 6/24/2012 10:09:24 AM - Windows Update

    RP350: 6/25/2012 9:14:19 AM - Windows Update

    RP351: 6/26/2012 8:09:51 AM - Windows Update

    RP352: 6/26/2012 2:20:16 PM - Windows Update

    RP353: 6/30/2012 7:16:51 PM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader 9.4.7

    Autodesk Design Review 2012

    Autodesk Material Library 2012

    Autodesk Material Library Base Resolution Image Library 2012

    Autodesk Material Library Low Resolution Image Library 2012

    Autodesk Vault 2012 (Client)

    blinkx beat

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Dropbox

    Google Chrome

    Google Talk Plugin

    Malwarebytes Anti-Malware version 1.61.0.1400

    Microsoft Chart Controls for Microsoft .NET Framework 3.5

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Standard 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Microsoft WSE 3.0 Runtime

    Mozilla Firefox 13.0.1 (x86 en-US)

    Mozilla Maintenance Service

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Notepad++

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

    Skype Toolbars

    Skype™ 5.1

    Unity Web Player

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

    VBA (2627.01)

    Yahoo! Install Manager

    Yahoo! Software Update

    Yahoo! Toolbar

    .

    ==== Event Viewer Messages From Past Week ========

    .

    6/30/2012 7:18:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Chart Controls for Microsoft .NET Framework 3.5 Service Pack 1 (KB2500170).

    .

    ==== End Of File ===========================

  9. ComboFix 12-05-08.02 - JoAnne 05/08/2012 18:43:48.2.2 - x86

    Microsoft Windows 7 Home Premium N 6.1.7601.1.1252.1.1033.18.2046.1372 [GMT -7:00]

    Running from: c:\users\JoAnne\Desktop\ComboFix.exe

    Command switches used :: c:\users\JoAnne\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))

    .

    .

    2012-05-09 01:50 . 2012-05-09 01:50 -------- d-----w- c:\users\Kayla\AppData\Local\temp

    2012-05-09 01:50 . 2012-05-09 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-05-09 01:50 . 2012-05-09 01:50 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2012-05-09 00:31 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8ABEEF9-D66C-4482-A8B0-CAD9C2800F28}\mpengine.dll

    2012-05-09 00:18 . 2012-05-09 01:50 -------- d-----w- c:\users\JoAnne\AppData\Local\temp

    2012-05-08 18:55 . 2012-05-08 18:55 448 ----a-w- C:\user.js

    2012-05-07 03:03 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-04-25 08:16 . 2012-04-25 08:16 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-04-25 08:16 . 2012-04-25 08:16 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

    2012-04-25 08:16 . 2012-04-25 08:16 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

    2012-04-15 04:53 . 2009-08-20 07:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

    2012-04-13 07:33 . 2012-04-13 07:33 -------- d-----w- c:\users\JoAnne\AppData\Local\CrashDumps

    2012-04-12 09:11 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

    2012-04-12 09:11 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

    2012-04-12 09:11 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

    2012-04-12 09:11 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

    2012-04-12 09:09 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-12 09:09 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-05-05 03:58 . 2012-03-30 01:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-05-05 03:58 . 2011-05-15 19:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-04 22:56 . 2010-07-15 07:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-21 03:44 . 2010-10-25 05:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

    2012-03-21 03:44 . 2009-06-19 02:48 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

    2012-02-17 05:34 . 2012-03-13 18:26 826880 ----a-w- c:\windows\system32\rdpcore.dll

    2012-02-17 04:14 . 2012-03-13 18:26 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-02-17 04:13 . 2012-03-13 18:26 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

    2012-02-16 09:47 . 2010-12-13 18:12 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-02-11 02:12 . 2012-02-11 02:13 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4D42F29-44F1-4D25-A1B8-7A9C6824BF97}\gapaengine.dll

    2012-02-10 05:38 . 2012-03-13 22:08 1077248 ----a-w- c:\windows\system32\DWrite.dll

    2012-04-25 08:16 . 2011-04-01 09:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\JoAnne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\JoAnne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\JoAnne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

    "googletalk"="c:\users\JoAnne\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-03 5244216]

    "Akamai NetSession Interface"="c:\users\JoAnne\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]

    "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]

    "WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-11-13 222432]

    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384]

    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-05 311296]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-03 273528]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

    .

    c:\users\JoAnne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Advanced Registry Optimizer.lnk - c:\program files\Advanced Registry Optimizer\ARO.exe [N/A]

    Dropbox.lnk - c:\users\JoAnne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 gupdate1cac52b62dd0291;Google Update Service (gupdate1cac52b62dd0291);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 133104]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 133104]

    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 214952]

    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]

    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]

    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]

    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-13 25824]

    S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 102400]

    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]

    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-05-21 21392]

    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

    Akamai REG_MULTI_SZ Akamai

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:58]

    .

    2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 17:09]

    .

    2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 17:09]

    .

    2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048521924-1855791597-468837853-1000Core.job

    - c:\users\JoAnne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 03:39]

    .

    2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048521924-1855791597-468837853-1000UA.job

    - c:\users\JoAnne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 03:39]

    .

    2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048521924-1855791597-468837853-1003Core.job

    - c:\users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 03:39]

    .

    2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048521924-1855791597-468837853-1003UA.job

    - c:\users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 03:39]

    .

    .

    ------- Supplementary Scan -------

    .

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2011\spy.htm

    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\JoAnne\AppData\Roaming\Mozilla\Firefox\Profiles\k2tlyjbb.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://malaysia.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: keyword.URL - hxxp://malaysia.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=

    FF - prefs.js: network.proxy.type - 4

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

    "ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'Explorer.exe'(3736)

    c:\users\JoAnne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    Completion time: 2012-05-08 19:05:27

    ComboFix-quarantined-files.txt 2012-05-09 02:05

    ComboFix2.txt 2012-05-09 00:28

    .

    Pre-Run: 571,315,441,664 bytes free

    Post-Run: 571,320,672,256 bytes free

    .

    - - End Of File - - 4BD9FE2A081F80F8AAAC6273371774FA

    ************************************************************************************************************************************************

    Malwarebytes Anti-Malware 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.05.09.01

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    JoAnne :: JOANNE-PC [administrator]

    5/8/2012 7:07:14 PM

    mbam-log-2012-05-08 (19-07-14).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 240191

    Time elapsed: 2 minute(s), 44 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ************************************************************************************************************************

    ESET scanner - no threats found

    *************************************************************************************************************************

    HUZZAH! Computer seems to be running normally now! Is it safe and secure to carry on as usual?

  10. ComboFix 12-05-08.02 - JoAnne 05/08/2012 17:12:17.1.2 - x86

    Microsoft Windows 7 Home Premium N 6.1.7601.1.1252.1.1033.18.2046.1083 [GMT -7:00]

    Running from: c:\users\JoAnne\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\Install.exe

    c:\users\JoAnne\AppData\Local\assembly\tmp

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))

    .

    .

    2012-05-09 00:18 . 2012-05-09 00:18 -------- d-----w- c:\users\JoAnne\AppData\Local\temp

    2012-05-08 21:03 . 2012-05-08 21:03 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F18BDFD8-81E9-4457-BB76-D4AE07CC2DAE}\MpKsle2fad550.sys

    2012-05-08 20:41 . 2012-05-08 20:41 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F18BDFD8-81E9-4457-BB76-D4AE07CC2DAE}\offreg.dll

    2012-05-08 18:55 . 2012-05-08 18:55 448 ----a-w- C:\user.js

    2012-05-08 04:00 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F18BDFD8-81E9-4457-BB76-D4AE07CC2DAE}\mpengine.dll

    2012-05-07 03:03 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-04-25 08:16 . 2012-04-25 08:16 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-04-25 08:16 . 2012-04-25 08:16 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

    2012-04-25 08:16 . 2012-04-25 08:16 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

    2012-04-15 04:53 . 2009-08-20 07:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

    2012-04-13 07:33 . 2012-04-13 07:33 -------- d-----w- c:\users\JoAnne\AppData\Local\CrashDumps

    2012-04-12 09:11 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

    2012-04-12 09:11 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

    2012-04-12 09:11 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

    2012-04-12 09:11 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

    2012-04-12 09:09 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-12 09:09 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-05-05 03:58 . 2012-03-30 01:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-05-05 03:58 . 2011-05-15 19:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-04-04 22:56 . 2010-07-15 07:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-21 03:44 . 2010-10-25 05:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

    2012-03-21 03:44 . 2009-06-19 02:48 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

    2012-02-17 05:34 . 2012-03-13 18:26 826880 ----a-w- c:\windows\system32\rdpcore.dll

    2012-02-17 04:14 . 2012-03-13 18:26 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-02-17 04:13 . 2012-03-13 18:26 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

    2012-02-16 09:47 . 2010-12-13 18:12 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-02-11 02:12 . 2012-02-11 02:13 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4D42F29-44F1-4D25-A1B8-7A9C6824BF97}\gapaengine.dll

    2012-02-10 05:38 . 2012-03-13 22:08 1077248 ----a-w- c:\windows\system32\DWrite.dll

    2012-04-25 08:16 . 2011-04-01 09:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\JoAnne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\JoAnne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\JoAnne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

    "googletalk"="c:\users\JoAnne\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-03 5244216]

    "Akamai NetSession Interface"="c:\users\JoAnne\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]

    "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]

    "WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-11-13 222432]

    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384]

    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-05 311296]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-03 273528]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

    .

    c:\users\JoAnne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Advanced Registry Optimizer.lnk - c:\program files\Advanced Registry Optimizer\ARO.exe [N/A]

    Dropbox.lnk - c:\users\JoAnne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 gupdate1cac52b62dd0291;Google Update Service (gupdate1cac52b62dd0291);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 133104]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 133104]

    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 214952]

    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

    R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]

    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]

    S1 MpKsle2fad550;MpKsle2fad550;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F18BDFD8-81E9-4457-BB76-D4AE07CC2DAE}\MpKsle2fad550.sys [2012-05-08 29904]

    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]

    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2009-11-13 25824]

    S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 102400]

    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]

    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-05-21 21392]

    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - ASWMBR

    *NewlyCreated* - MPKSLE2FAD550

    *Deregistered* - aswMBR

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

    Akamai REG_MULTI_SZ Akamai

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:58]

    .

    2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 17:09]

    .

    2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 17:09]

    .

    2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048521924-1855791597-468837853-1000Core.job

    - c:\users\JoAnne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 03:39]

    .

    2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048521924-1855791597-468837853-1000UA.job

    - c:\users\JoAnne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 03:39]

    .

    2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048521924-1855791597-468837853-1003Core.job

    - c:\users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 03:39]

    .

    2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048521924-1855791597-468837853-1003UA.job

    - c:\users\Kayla\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 03:39]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://mystart.incredibar.com/mb143?a=6OyBggZdYG&i=26

    uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Edit with Altova X&MLSpy - c:\program files\Altova\XMLSpy2011\spy.htm

    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\JoAnne\AppData\Roaming\Mozilla\Firefox\Profiles\k2tlyjbb.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://malaysia.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124

    FF - prefs.js: keyword.URL - hxxp://malaysia.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=

    FF - prefs.js: network.proxy.type - 4

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyBggZdYG&loc=IB_TB&i=26&search=

    FF - user.js: extensions.incredibar_i.id - 52cfa03a000000000000001fd013055c

    FF - user.js: extensions.incredibar_i.instlDay - 15468

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:55

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6OyBggZdYG

    FF - user.js: extensions.incredibar_i.upn2n - 92261375971292222

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10643

    FF - user.js: extensions.incredibar_i.ppd - 1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

    HKCU-Run-AdobeBridge - (no file)

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

    "ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-05-08 17:28:05

    ComboFix-quarantined-files.txt 2012-05-09 00:28

    .

    Pre-Run: 570,556,022,784 bytes free

    Post-Run: 572,405,657,600 bytes free

    .

    - - End Of File - - 0DE1651A17B5D0E432D8F3689B2595D7

  11. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-05-08 15:09:53

    -----------------------------

    15:09:53.313 OS Version: Windows 6.1.7601 Service Pack 1

    15:09:53.313 Number of processors: 2 586 0x1706

    15:09:53.314 ComputerName: JOANNE-PC UserName: JoAnne

    15:09:54.857 Initialize success

    15:11:28.748 AVAST engine defs: 12050801

    15:11:31.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3

    15:11:31.845 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610479MB BusType: 3

    15:11:31.851 Disk 0 MBR read successfully

    15:11:31.854 Disk 0 MBR scan

    15:11:31.929 Disk 0 Windows 7 default MBR code

    15:11:31.935 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

    15:11:31.977 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 610377 MB offset 206848

    15:11:32.017 Disk 0 scanning sectors +1250258944

    15:11:32.120 Disk 0 scanning C:\Windows\system32\drivers

    15:11:45.431 Service scanning

    15:12:00.147 Service MpKsle2fad550 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F18BDFD8-81E9-4457-BB76-D4AE07CC2DAE}\MpKsle2fad550.sys **LOCKED** 32

    15:12:14.718 Modules scanning

    15:12:21.140 Disk 0 trace - called modules:

    15:12:21.155 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys

    15:12:21.159 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c35948]

    15:12:21.164 3 CLASSPNP.SYS[891ba59e] -> nt!IofCallDriver -> [0x857cf8b8]

    15:12:21.169 5 ACPI.sys[88c9f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0x84e7a030]

    15:12:23.376 AVAST engine scan C:\Windows

    15:12:25.690 AVAST engine scan C:\Windows\system32

    15:15:34.696 AVAST engine scan C:\Windows\system32\drivers

    15:15:50.769 AVAST engine scan C:\Users\JoAnne

    15:29:30.844 AVAST engine scan C:\ProgramData

    15:32:50.299 Scan finished successfully

    15:33:08.746 Disk 0 MBR has been saved successfully to "C:\Users\JoAnne\Downloads\MBR.dat"

    15:33:08.813 The log file has been saved successfully to "C:\Users\JoAnne\Downloads\aswMBR.txt"

    MBR.zip

  12. Merged post

    Hello, I've just gotten infected with Incredibar. Ran a full scan of Malwarebytes but that didn't solve the problem - it did, however, remove the bundle installer.

    DDS.txt log:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

    Run by JoAnne at 14:03:04 on 2012-05-08

    Microsoft Windows 7 Home Premium N 6.1.7601.1.1252.1.1033.18.2046.1113 [GMT -7:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\System32\svchost.exe -k Akamai

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

    C:\Program Files\Real\RealPlayer\Update\realsched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Zune\ZuneLauncher.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    C:\Users\JoAnne\AppData\Local\Akamai\netsession_win.exe

    C:\Users\JoAnne\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

    C:\Users\JoAnne\AppData\Local\Akamai\netsession_win.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Users\JoAnne\Downloads\OTL.exe

    C:\Windows\notepad.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\conhost.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearch Bar = hxxp://www.google.com/ie

    uSearch Page = hxxp://www.google.com

    uStart Page = hxxp://mystart.incredibar.com/mb143?a=6OyBggZdYG&i=26

    uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    mSearchAssistant = hxxp://www.google.com/ie

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    TB: &Accessibility Toolbar: {11352a67-0178-46b1-8855-d50b2f81c054} - c:\progra~1\wat_en\ACCESS~1.DLL

    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

    uRun: [googletalk] c:\users\joanne\appdata\roaming\google\google talk\googletalk.exe /autostart

    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

    uRun: [Google Update] "c:\users\joanne\appdata\local\google\update\GoogleUpdate.exe" /c

    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"

    uRun: [AdobeBridge]

    uRun: [Akamai NetSession Interface] "c:\users\joanne\appdata\local\akamai\netsession_win.exe"

    mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

    mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe

    mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent

    mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

    mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

    mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

    mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

    mRun: [<NO NAME>]

    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    StartupFolder: c:\users\joanne\appdata\roaming\micros~1\windows\startm~1\programs\startup\advanc~1.lnk - c:\program files\advanced registry optimizer\ARO.exe

    StartupFolder: c:\users\joanne\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\joanne\appdata\roaming\dropbox\bin\Dropbox.exe

    StartupFolder: c:\users\joanne\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

    IE: Edit with Altova X&MLSpy - c:\program files\altova\xmlspy2011\spy.htm

    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

    IE: {2222EF56-F49E-4d07-A14E-8D2B08766958} - c:\program files\altova\xmlspy2011\spy.htm

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{118867A3-B578-4AC3-9664-37A1D65CD984} : DhcpNameServer = 192.168.1.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\joanne\appdata\roaming\mozilla\firefox\profiles\k2tlyjbb.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://malaysia.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb143?a=6OyBggZdYG&i=26

    FF - prefs.js: keyword.URL - hxxp://malaysia.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=

    FF - prefs.js: network.proxy.type - 4

    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

    FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

    FF - plugin: c:\program files\nos\bin\np_gp.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    FF - plugin: c:\users\joanne\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\users\joanne\appdata\roaming\mozilla\plugins\npgoogletalk.dll

    FF - plugin: c:\users\joanne\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: extensions.incredibar_i.newTab - false

    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyBggZdYG&loc=IB_TB&i=26&search=

    FF - user.js: extensions.incredibar_i.id - 52cfa03a000000000000001fd013055c

    FF - user.js: extensions.incredibar_i.instlDay - 15468

    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:55:21

    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

    FF - user.js: extensions.incredibar_i.prdct - incredibar

    FF - user.js: extensions.incredibar_i.aflt - orgnl

    FF - user.js: extensions.incredibar_i.smplGrp - none

    FF - user.js: extensions.incredibar_i.tlbrId - base

    FF - user.js: extensions.incredibar_i.instlRef -

    FF - user.js: extensions.incredibar_i.dfltLng -

    FF - user.js: extensions.incredibar_i.excTlbr - false

    FF - user.js: extensions.incredibar_i.ms_url_id -

    FF - user.js: extensions.incredibar_i.upn2 - 6OyBggZdYG

    FF - user.js: extensions.incredibar_i.upn2n - 92261375971292222

    FF - user.js: extensions.incredibar_i.productid - 26

    FF - user.js: extensions.incredibar_i.installerproductid - 26

    FF - user.js: extensions.incredibar_i.did - 10643

    FF - user.js: extensions.incredibar_i.ppd - 1

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 171064]

    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]

    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-11-12 25824]

    R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]

    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]

    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate1cac52b62dd0291;Google Update Service (gupdate1cac52b62dd0291);c:\program files\google\update\GoogleUpdate.exe [2010-3-16 133104]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 257696]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-16 133104]

    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]

    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]

    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]

    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]

    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-19 1343400]

    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]

    .

    =============== Created Last 30 ================

    .

    2012-05-08 20:41:19 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f18bdfd8-81e9-4457-bb76-d4ae07cc2dae}\offreg.dll

    2012-05-08 04:00:56 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f18bdfd8-81e9-4457-bb76-d4ae07cc2dae}\mpengine.dll

    2012-05-07 03:03:30 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

    2012-04-25 08:16:54 -------- d-----w- c:\program files\Mozilla Maintenance Service

    2012-04-25 08:16:50 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

    2012-04-25 08:16:50 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

    2012-04-15 04:53:08 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

    2012-04-13 07:33:39 -------- d-----w- c:\users\joanne\appdata\local\CrashDumps

    2012-04-12 09:11:07 5120 ----a-w- c:\windows\system32\wmi.dll

    2012-04-12 09:11:07 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

    2012-04-12 09:11:07 172544 ----a-w- c:\windows\system32\wintrust.dll

    2012-04-12 09:11:06 159232 ----a-w- c:\windows\system32\imagehlp.dll

    2012-04-12 09:09:57 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-12 09:09:57 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

    .

    ==================== Find3M ====================

    .

    2012-05-05 03:58:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-05-05 03:58:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-03-21 03:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

    2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

    2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

    2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

    2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll

    2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

    2012-02-16 09:47:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2012-02-14 19:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll

    .

    ============= FINISH: 14:03:22.75 ===============

    Attach.txt:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium N

    Boot Device: \Device\HarddiskVolume1

    Install Date: 1/9/2010 12:40:45 PM

    System Uptime: 5/8/2012 1:29:29 PM (1 hours ago)

    .

    Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L

    Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 2333/333mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 596 GiB total, 528.837 GiB free.

    D: is CDROM (CDFS)

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP641: 4/19/2012 7:56:15 PM - Windows Update

    RP642: 4/23/2012 10:05:38 AM - Windows Update

    RP643: 4/26/2012 10:09:54 AM - Windows Update

    RP644: 4/29/2012 5:55:49 PM - Windows Update

    RP645: 5/1/2012 12:31:49 AM - Windows Update

    RP646: 5/4/2012 3:00:58 PM - Windows Update

    RP647: 5/7/2012 9:00:19 PM - Windows Update

    RP648: 5/8/2012 1:47:57 PM - OTL Restore Point - 5/8/2012 1:47:54 PM

    .

    ==== Installed Programs ======================

    .

    7-Zip 9.20

    Adobe Acrobat 9 Pro - English, Français, Deutsch

    Adobe Acrobat 9.5.1 - CPSID_83708

    Adobe AIR

    Adobe Community Help

    Adobe Creative Suite 5 Design Premium

    Adobe Digital Editions

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Media Player

    Adobe Photoshop Elements 9

    Adobe Photoshop.com Inspiration Browser

    Adobe Reader X (10.1.3)

    Adobe Shockwave Player 11.5

    AIM 7

    Akamai NetSession Interface

    Akamai NetSession Interface Service

    Altova XMLSpy® 2011 rel. 2 sp1 Enterprise Edition

    AMD Drag and Drop Transcoding

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    ATI Catalyst Install Manager

    ATI Catalyst Registration

    Audacity 1.3.12 (Unicode)

    BlackBerry Desktop Software 5.0.1

    BlackBerry Desktop Software 6.0.1

    Blackboard IM 4.0.1-C

    Bonjour

    Brother MFL-Pro Suite MFC-240C

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    ccc-core-static

    ccc-utility

    CCC Help English

    Core FTP LE

    Coupon Printer for Windows

    Creative Lettering Combo

    Data Lifeguard Diagnostic for Windows

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Download Updater (AOL LLC)

    Dropbox

    Easy CD-DA Extractor 2011

    Elements 9 Organizer

    Elements STI Installer

    Elluminate Publish! 2.3

    Emicsoft Mod Converter

    File Type Assistant

    FinePrint

    Foxit Creator

    Foxit Reader

    Google Chrome

    Google Talk (remove only)

    Google Talk Plugin

    Google Update Helper

    iBBDemo2

    iCloud

    Inmagic DB/TextWorks

    Inmagic DB/TextWorks 12.00

    iTunes

    Java Auto Updater

    Java™ 6 Update 31

    Jing

    LAME v3.98.3 for Audacity

    Malwarebytes Anti-Malware version 1.61.0.1400

    Microsoft .NET Framework 4 Client Profile

    Microsoft Access 2010

    Microsoft Application Error Reporting

    Microsoft IntelliPoint 7.0

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access 2010

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Standard 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Microsoft_VC80_ATL_x86

    Microsoft_VC80_CRT_x86

    Microsoft_VC80_MFC_x86

    Microsoft_VC80_MFCLOC_x86

    Microsoft_VC90_ATL_x86

    Microsoft_VC90_CRT_x86

    Microsoft_VC90_MFC_x86

    MobileMe Control Panel

    Mozilla Firefox 12.0 (x86 en-US)

    Mozilla Maintenance Service

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    NOOK for PC

    Notepad++

    OCLC Dewey Cutter Program

    PDF Settings CS5

    PrimoPDF -- brought to you by Nitro PDF Software

    QuickTime

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    RealUpgrade 1.1

    Safari

    SecondLifeViewer2 (remove only)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

    Skype™ 4.2

    Snagit 11

    SSH Secure Shell

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

    VLC media player 1.0.3

    WD Anywhere Backup

    WD Drive Manager (x86)

    Web Accessibility Toolbar Uninstall

    Windows Media Player Firefox Plugin

    Windows Mobile Device Updater Component

    WMV9/VC-1 Video Playback

    Yahoo! Messenger

    Zune

    Zune Language Pack (CHS)

    Zune Language Pack (CHT)

    Zune Language Pack (CSY)

    Zune Language Pack (DAN)

    Zune Language Pack (DEU)

    Zune Language Pack (ELL)

    Zune Language Pack (ESP)

    Zune Language Pack (FIN)

    Zune Language Pack (FRA)

    Zune Language Pack (HUN)

    Zune Language Pack (IND)

    Zune Language Pack (ITA)

    Zune Language Pack (JPN)

    Zune Language Pack (KOR)

    Zune Language Pack (MSL)

    Zune Language Pack (NLD)

    Zune Language Pack (NOR)

    Zune Language Pack (PLK)

    Zune Language Pack (PTB)

    Zune Language Pack (PTG)

    Zune Language Pack (RUS)

    Zune Language Pack (SVE)

    .

    ==== Event Viewer Messages From Past Week ========

    .

    5/7/2012 5:03:08 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

    5/6/2012 11:12:16 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

    5/6/2012 1:35:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

    5/1/2012 11:02:31 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer T45-EYCHEN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{118867A3-B578-4AC3-9664-37A1D65. The master browser is stopping or an election is being forced.

    .

    ==== End Of File ===========================
