Jump to content

Ryboflavin

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral

About Ryboflavin

  • Birthday 12/04/1981
  1. I haven't gotten anything else from malwarebytes.. maybe it was a fluke? I don't know. But either way, it seems to be good to go. And with that last reply, combofix is gone. Thank you for all your help!
  2. That didn't work either... All it's doing is bringing up Combofix to run, not to uninstall... Also, malwarebytes is still popping up in the corner catching a few things here and there, although I'm not sure what they are.
  3. Also, I can't uninstall Combofix. I'm running windows 7 and when I type "Combofix /uninstall" in the search and hit enter nothing comes up.
  4. It seems to be running fine! Can I delete any programs or files or anything that were created ? Thanks!
  5. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 This is what was in the "log.txt" located at C:\Program Files (x86)\ESET\ESET Online Scanner
  6. ComboFix 12-07-19.02 - Ryan 07/19/2012 20:39:26.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2206 [GMT -4:00] Running from: c:\users\Ryan\Desktop\ComboFix.exe Command switches used :: c:\users\Ryan\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Ryan\AppData\Local\Audiogalaxy c:\users\Ryan\AppData\Local\Audiogalaxy\ag.dat c:\users\Ryan\AppData\Local\Audiogalaxy\Audiogalaxy-Helper.exe c:\users\Ryan\AppData\Local\Audiogalaxy\Audiogalaxy-Upgrader.exe c:\users\Ryan\AppData\Local\Audiogalaxy\Audiogalaxy.exe c:\users\Ryan\AppData\Local\Audiogalaxy\avcodec-52.dll c:\users\Ryan\AppData\Local\Audiogalaxy\avformat-52.dll c:\users\Ryan\AppData\Local\Audiogalaxy\avutil-50.dll c:\users\Ryan\AppData\Local\Audiogalaxy\fldrv080.ocx c:\users\Ryan\AppData\Local\Audiogalaxy\InstallerTools.dll c:\users\Ryan\AppData\Local\Audiogalaxy\libeay32.dll c:\users\Ryan\AppData\Local\Audiogalaxy\licenses.txt c:\users\Ryan\AppData\Local\Audiogalaxy\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest c:\users\Ryan\AppData\Local\Audiogalaxy\Microsoft.VC90.CRT\msvcm90.dll c:\users\Ryan\AppData\Local\Audiogalaxy\Microsoft.VC90.CRT\msvcp90.dll c:\users\Ryan\AppData\Local\Audiogalaxy\Microsoft.VC90.CRT\msvcr90.dll c:\users\Ryan\AppData\Local\Audiogalaxy\sqlite3.dll c:\users\Ryan\AppData\Local\Audiogalaxy\ssleay32.dll c:\users\Ryan\AppData\Local\Audiogalaxy\tag.dll c:\users\Ryan\AppData\Local\Audiogalaxy\uninstall.exe c:\users\Ryan\AppData\Local\Audiogalaxy\upgrade-log c:\users\Ryan\AppData\Local\Audiogalaxy\zlib1.dll c:\users\Ryan\AppData\Local\CRE c:\users\Ryan\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx . . ((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))) . . 2012-07-20 00:48 . 2012-07-20 00:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-20 00:48 . 2012-07-20 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-20 00:30 . 2012-07-20 00:30 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFD661EA-2C3B-431E-B1E9-FF21BB8B8A4B}\offreg.dll 2012-07-19 16:48 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFD661EA-2C3B-431E-B1E9-FF21BB8B8A4B}\mpengine.dll 2012-07-18 14:43 . 2012-07-19 02:16 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-17 23:11 . 2012-07-17 23:11 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes 2012-07-17 23:10 . 2012-07-17 23:10 -------- d-----w- c:\programdata\Malwarebytes 2012-07-17 23:10 . 2012-07-17 23:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-17 23:10 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-17 16:47 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-12 17:37 . 2012-07-12 17:37 -------- d-----w- c:\users\Ryan\dwhelper 2012-07-11 15:11 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 11:01 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-09 22:06 . 2012-02-10 17:23 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E26B8CBB-A114-490B-B559-E6EB0B4C9FFA}\gapaengine.dll 2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2012-06-26 00:06 . 2012-06-26 00:06 -------- d-----w- c:\programdata\Apple Computer 2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-06-22 01:12 . 2012-06-25 22:46 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer 2012-06-20 17:42 . 2012-06-25 22:46 -------- d-----w- c:\users\Ryan\AppData\Roaming\Nico Mak Computing 2012-06-20 17:42 . 2011-08-18 13:32 18760 ----a-w- c:\windows\system32\roboot64.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-18 01:40 . 2011-10-03 16:38 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-07-18 01:40 . 2011-10-03 16:31 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-07-18 01:40 . 2011-10-03 16:31 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-07-12 00:30 . 2012-04-06 17:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 00:30 . 2011-10-02 18:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 15:06 . 2011-10-03 03:29 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-02 22:19 . 2012-06-19 11:17 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 11:17 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 11:17 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 11:17 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 11:17 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 11:17 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 11:17 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-19 11:16 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-19 11:16 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-15 10:48 . 2012-05-23 07:43 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-05-15 10:48 . 2012-05-23 07:43 25743168 ----a-w- c:\windows\system32\nvoglv64.dll 2012-05-15 10:48 . 2012-05-23 07:43 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-05-15 10:48 . 2012-05-23 07:43 8139072 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:48 . 2012-05-23 07:43 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-05-15 10:48 . 2012-05-23 07:43 364352 ----a-w- c:\windows\system32\nvdecodemft.dll 2012-05-15 10:48 . 2012-05-23 07:43 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll 2012-05-15 10:48 . 2012-05-23 07:43 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:48 . 2012-05-23 07:43 2681664 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:48 . 2012-05-23 07:43 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-05-15 10:48 . 2012-05-23 07:43 25248064 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:48 . 2012-05-23 07:43 246592 ----a-w- c:\windows\system32\nvinitx.dll 2012-05-15 10:48 . 2012-05-23 07:43 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-05-15 10:48 . 2012-05-23 07:43 202048 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-05-15 10:48 . 2012-05-23 07:43 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-05-15 10:48 . 2012-05-23 07:43 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-05-15 10:48 . 2012-05-23 07:43 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-05-15 10:48 . 2012-03-27 13:52 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-05-15 10:48 . 2012-03-27 13:52 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:48 . 2012-03-27 13:52 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-05-15 10:48 . 2012-03-27 13:52 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-05-15 10:48 . 2012-03-27 13:52 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-05-15 10:48 . 2012-02-26 12:07 949056 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-05-15 10:48 . 2011-10-28 15:42 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-05-15 10:48 . 2011-10-28 15:42 1738048 ----a-w- c:\windows\system32\nvdispco64.dll 2012-05-15 10:48 . 2011-10-28 15:42 1468224 ----a-w- c:\windows\system32\nvgenco64.dll 2012-05-15 10:48 . 2011-10-02 18:29 2741568 ----a-w- c:\windows\system32\nvapi64.dll 2012-05-15 09:29 . 2011-10-02 18:30 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:29 . 2011-10-02 18:30 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:29 . 2011-10-02 18:30 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:29 . 2012-02-26 12:08 2621723 ----a-w- c:\windows\system32\nvcoproc.bin 2012-05-15 09:29 . 2011-10-02 18:30 3149632 ----a-w- c:\windows\system32\nvsvc64.dll 2012-05-15 09:28 . 2011-10-02 18:30 6151488 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-05-04 11:06 . 2012-06-13 23:32 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 11:00 . 2012-06-14 01:01 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-05-04 10:03 . 2012-06-13 23:32 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 23:32 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-04 09:59 . 2012-06-14 01:01 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-05-01 05:40 . 2012-06-13 23:32 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 23:31 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 23:33 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 23:33 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 23:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 23:31 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 23:31 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 23:31 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 23:31 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 23:31 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 23:31 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-07-19_16.37.19 ))))))))))))))))))))))))))))))))))))))))) . + 2011-10-02 18:03 . 2012-07-20 00:34 32976 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-20 00:34 27772 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-10-02 17:56 . 2012-07-20 00:34 14218 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3157812191-848985500-3526757529-1000_UserData.bin + 2011-10-03 06:03 . 2012-07-19 16:46 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2012-07-20 00:30 . 2012-07-20 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-19 16:32 . 2012-07-19 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-19 16:32 . 2012-07-19 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-20 00:30 . 2012-07-20 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-07-19 16:31 473312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-19 17:01 473312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-10-02 18:32 . 2012-07-19 04:32 65023372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3157812191-848985500-3526757529-1000-8192.dat + 2011-10-02 18:32 . 2012-07-19 17:01 65023372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3157812191-848985500-3526757529-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-20 12163848] "googletalk"="c:\users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Facebook Update"="c:\users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152] "VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 116648] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] R2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-07-15 31232] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-06-04 278528] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-03-27 21712] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 116648] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-03 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504] R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Contents of the 'Scheduled Tasks' folder . 2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 00:30] . 2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3157812191-848985500-3526757529-1000Core.job - c:\users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 22:30] . 2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3157812191-848985500-3526757529-1000UA.job - c:\users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 22:30] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 00:26] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 00:26] . 2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157812191-848985500-3526757529-1000Core.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 04:28] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157812191-848985500-3526757529-1000UA.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 04:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.110.223\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.110.223\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 219.83.62.50:8080 IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\b0anleco.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe AddRemove-Audiogalaxy - c:\users\Ryan\AppData\Local\Audiogalaxy\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68, 55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3 "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f, 03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{DDA57003-0068-4ED2-9D32-4D1EC707D94D}"=hex:51,66,7a,6c,4c,1d,38,12,6d,73,b6, d9,5a,4e,bc,0b,e2,24,0e,5e,c2,59,9d,59 "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{5802D092-1784-4908-8CDB-99B6842D353D}"=hex:51,66,7a,6c,4c,1d,38,12,fc,d3,11, 5c,b6,59,66,0c,f3,cd,da,f6,81,73,71,29 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:30,b8,f0,cb,ab,86,cc,01 . [HKEY_USERS\S-1-5-21-3157812191-848985500-3526757529-1000\Software\SecuROM\License information*] "datasecu"=hex:99,0e,3f,e1,07,1f,26,b1,a4,20,ac,6e,a7,9d,01,41,74,a6,ee,1b,fb, d8,c7,a6,d3,04,fa,03,0d,3b,14,90,a4,08,db,e7,fb,b5,6c,51,2e,ab,c7,08,4c,b9,\ "rkeysecu"=hex:fb,ca,07,41,ef,41,e8,0c,86,d8,50,93,f3,c6,25,76 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-19 20:51:46 ComboFix-quarantined-files.txt 2012-07-20 00:51 ComboFix2.txt 2012-07-19 16:43 . Pre-Run: 55,099,826,176 bytes free Post-Run: 56,359,510,016 bytes free . - - End Of File - - B3F8AB9754E2D16E511E05F3546C714E
  7. ComboFix 12-07-18.04 - Ryan 07/19/2012 12:22:14.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2641 [GMT -4:00] Running from: c:\users\Ryan\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Ryan\AppData\Local\assembly\tmp c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\tmpBD5B.tmp c:\windows\SysWow64\tmpBD5C.tmp c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 ))))))))))))))))))))))))))))))) . . 2012-07-19 16:32 . 2012-07-19 16:32 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{758D3A8D-7D85-4062-9C8B-12EBE83875B3}\offreg.dll 2012-07-19 02:29 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{758D3A8D-7D85-4062-9C8B-12EBE83875B3}\mpengine.dll 2012-07-18 14:43 . 2012-07-19 02:16 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-17 23:11 . 2012-07-17 23:11 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes 2012-07-17 23:10 . 2012-07-17 23:10 -------- d-----w- c:\programdata\Malwarebytes 2012-07-17 23:10 . 2012-07-17 23:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-17 23:10 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-17 16:47 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-12 17:37 . 2012-07-12 17:37 -------- d-----w- c:\users\Ryan\dwhelper 2012-07-11 15:11 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 11:01 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-09 22:06 . 2012-02-10 17:23 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E26B8CBB-A114-490B-B559-E6EB0B4C9FFA}\gapaengine.dll 2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2012-06-26 00:06 . 2012-06-26 00:06 -------- d-----w- c:\programdata\Apple Computer 2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-06-22 01:12 . 2012-06-25 22:46 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer 2012-06-20 17:42 . 2012-06-20 17:42 -------- d-----w- c:\users\Ryan\AppData\Local\CRE 2012-06-20 17:42 . 2012-06-25 22:46 -------- d-----w- c:\users\Ryan\AppData\Roaming\Nico Mak Computing 2012-06-20 17:42 . 2011-08-18 13:32 18760 ----a-w- c:\windows\system32\roboot64.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-18 01:40 . 2011-10-03 16:38 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-07-18 01:40 . 2011-10-03 16:31 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-07-18 01:40 . 2011-10-03 16:31 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-07-12 00:30 . 2012-04-06 17:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 00:30 . 2011-10-02 18:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 15:06 . 2011-10-03 03:29 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-02 22:19 . 2012-06-19 11:17 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 11:17 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 11:17 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 11:17 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 11:17 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 11:17 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 11:17 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-19 11:16 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-19 11:16 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-15 10:48 . 2012-05-23 07:43 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-05-15 10:48 . 2012-05-23 07:43 25743168 ----a-w- c:\windows\system32\nvoglv64.dll 2012-05-15 10:48 . 2012-05-23 07:43 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-05-15 10:48 . 2012-05-23 07:43 8139072 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:48 . 2012-05-23 07:43 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-05-15 10:48 . 2012-05-23 07:43 364352 ----a-w- c:\windows\system32\nvdecodemft.dll 2012-05-15 10:48 . 2012-05-23 07:43 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll 2012-05-15 10:48 . 2012-05-23 07:43 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:48 . 2012-05-23 07:43 2681664 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:48 . 2012-05-23 07:43 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-05-15 10:48 . 2012-05-23 07:43 25248064 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:48 . 2012-05-23 07:43 246592 ----a-w- c:\windows\system32\nvinitx.dll 2012-05-15 10:48 . 2012-05-23 07:43 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-05-15 10:48 . 2012-05-23 07:43 202048 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-05-15 10:48 . 2012-05-23 07:43 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-05-15 10:48 . 2012-05-23 07:43 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-05-15 10:48 . 2012-05-23 07:43 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-05-15 10:48 . 2012-03-27 13:52 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-05-15 10:48 . 2012-03-27 13:52 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:48 . 2012-03-27 13:52 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-05-15 10:48 . 2012-03-27 13:52 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-05-15 10:48 . 2012-03-27 13:52 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-05-15 10:48 . 2012-02-26 12:07 949056 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-05-15 10:48 . 2011-10-28 15:42 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-05-15 10:48 . 2011-10-28 15:42 1738048 ----a-w- c:\windows\system32\nvdispco64.dll 2012-05-15 10:48 . 2011-10-28 15:42 1468224 ----a-w- c:\windows\system32\nvgenco64.dll 2012-05-15 10:48 . 2011-10-02 18:29 2741568 ----a-w- c:\windows\system32\nvapi64.dll 2012-05-15 09:29 . 2011-10-02 18:30 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:29 . 2011-10-02 18:30 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:29 . 2011-10-02 18:30 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:29 . 2012-02-26 12:08 2621723 ----a-w- c:\windows\system32\nvcoproc.bin 2012-05-15 09:29 . 2011-10-02 18:30 3149632 ----a-w- c:\windows\system32\nvsvc64.dll 2012-05-15 09:28 . 2011-10-02 18:30 6151488 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-05-04 11:06 . 2012-06-13 23:32 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 11:00 . 2012-06-14 01:01 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-05-04 10:03 . 2012-06-13 23:32 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 23:32 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-04 09:59 . 2012-06-14 01:01 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-05-01 05:40 . 2012-06-13 23:32 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 23:31 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 23:33 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 23:33 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 23:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 23:31 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 23:31 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 23:31 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 23:31 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 23:31 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 23:31 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-20 12163848] "Audiogalaxy"="c:\users\Ryan\AppData\Local\Audiogalaxy\Audiogalaxy.exe" [2012-05-29 2959488] "googletalk"="c:\users\Ryan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Facebook Update"="c:\users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152] "VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 116648] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] R2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-07-15 31232] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-06-04 278528] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-03-27 21712] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 116648] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-03 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] R4 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504] R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] . . Contents of the 'Scheduled Tasks' folder . 2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 00:30] . 2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3157812191-848985500-3526757529-1000Core.job - c:\users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 22:30] . 2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3157812191-848985500-3526757529-1000UA.job - c:\users\Ryan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 22:30] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 00:26] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 00:26] . 2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157812191-848985500-3526757529-1000Core.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 04:28] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157812191-848985500-3526757529-1000UA.job - c:\users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 04:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.110.223\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.110.223\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "combofix"="c:\combofix\CF22313.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 219.83.62.50:8080 IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\b0anleco.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) SafeBoot-96145931.sys WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68, 55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3 "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f, 03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{DDA57003-0068-4ED2-9D32-4D1EC707D94D}"=hex:51,66,7a,6c,4c,1d,38,12,6d,73,b6, d9,5a,4e,bc,0b,e2,24,0e,5e,c2,59,9d,59 "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{5802D092-1784-4908-8CDB-99B6842D353D}"=hex:51,66,7a,6c,4c,1d,38,12,fc,d3,11, 5c,b6,59,66,0c,f3,cd,da,f6,81,73,71,29 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:30,b8,f0,cb,ab,86,cc,01 . [HKEY_USERS\S-1-5-21-3157812191-848985500-3526757529-1000\Software\SecuROM\License information*] "datasecu"=hex:99,0e,3f,e1,07,1f,26,b1,a4,20,ac,6e,a7,9d,01,41,74,a6,ee,1b,fb, d8,c7,a6,d3,04,fa,03,0d,3b,14,90,a4,08,db,e7,fb,b5,6c,51,2e,ab,c7,08,4c,b9,\ "rkeysecu"=hex:fb,ca,07,41,ef,41,e8,0c,86,d8,50,93,f3,c6,25,76 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2012-07-19 12:43:25 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-19 16:43 . Pre-Run: 53,614,747,648 bytes free Post-Run: 55,075,516,416 bytes free . - - End Of File - - E5B0176A6966EC19EE11748AD28CD8D3
  8. Here are the log files.. I tried to copy and paste them but it said it was too long of a post so I'm just attaching them. Thanks. TDSSKiller.2.7.46.0_18.07.2012_10.42.12_log.txt mbam-log-2012-07-18 (10-49-51).txt DDS.txt
  9. Hello, Earlier today my computer restarted while I was surfing theChive.com. I thought, okay, that was strange. Then as I was eating dinner I heard it playing an AD but noticed there were no programs open. I've ran both antivirus and malwarebytes and it's still happening. Please help. Attached are the two text files per request. Thank you!! Ryan Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.