Jump to content

3dtrooper

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

 Content Type 

Everything posted by 3dtrooper

  1. 3dtrooper
    But everything else seems alright. What security software do you recommend? Thanks
  2. 3dtrooper
    I tried disabling and it was not comodo it's avast. hmm
  3. 3dtrooper
    I have a problem I cannot access this thread from the pc(thats why the late reply). I am posting from my phone. I had these dns servers set, eventhough I did not put these. I usually have google dns (8.8.8.8) 8.26.56.26 156.154.70.22 So I changed it back to google's but I still cannot access the thread (the rest of the website is ok) Chrome says "connection reset", and Opera says "Connection closed by remote server". Something strange is going on. Here are the logs: ComboFix 12-11-16.02 - Monkey 16/11/2012 22:53:20.3.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1033.18.6143.1723 [GMT 1:00] Running from: c:\users\Monkey\Desktop\ComboFix.exe Command switches used :: c:\users\Monkey\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Emsisoft Anti-Malware *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} SP: Emsisoft Anti-Malware *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\program files (x86)\toolbar.exe" "e:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab" "e:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066" "e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e" "e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80" "e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1" "e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\toolbar.exe e:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab e:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066 e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80 e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1 e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612 . Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected Restored copy from - c:\windows\erdnt\cache86\userinit.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 ))))))))))))))))))))))))))))))) . . 2012-11-16 22:04 . 2012-11-16 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-16 22:04 . 2012-11-16 22:04 -------- d-----w- c:\users\Adam\AppData\Local\temp 2012-11-16 08:19 . 2012-11-16 08:19 -------- d-----w- C:\FRST 2012-11-16 02:03 . 2012-11-16 02:03 -------- d-----w- c:\program files (x86)\ESET 2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- c:\windows\ERUNT 2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- C:\JRT 2012-11-15 22:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-11-15 21:50 . 2012-11-15 21:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-11-14 15:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\mpengine.dll 2012-11-11 21:34 . 2012-11-11 21:34 -------- d-----w- c:\users\Monkey\AppData\Local\Programs 2012-10-31 17:37 . 2012-10-31 17:37 -------- d-----w- c:\program files (x86)\PMSystem 2012-10-30 01:57 . 2012-10-30 01:57 -------- d-----w- c:\program files\Recuva 2012-10-29 19:38 . 2012-10-29 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-29 19:37 . 2012-10-29 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-29 19:37 . 2012-10-29 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-18 19:36 . 2012-10-22 07:48 -------- d-----w- C:\processing-1.5.1 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2011-10-24 22:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2011-10-24 22:24 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2011-10-24 22:24 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2011-10-24 22:24 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2011-10-24 22:24 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-10-24 22:24 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2011-10-24 22:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2011-10-24 22:24 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-29 19:37 . 2011-11-02 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-13 01:02 . 2011-10-25 09:06 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 13:37 . 2012-06-10 13:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 13:37 . 2011-10-24 23:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-14 20:57 . 2012-09-14 20:57 7026 ----a-w- c:\windows\smburl3b.vbs 2012-09-14 19:19 . 2012-10-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 11:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-07 15:04 . 2012-10-07 02:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 18:19 . 2012-10-12 11:54 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 11:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 11:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 11:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-12 11:52 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-12 11:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-23 01:01 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-23 01:01 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-23 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-23 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-23 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-23 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-23 01:01 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-23 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-23 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-23 01:01 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-23 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-23 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-23 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-23 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-23 01:01 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-23 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-23 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-23 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 14:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 14:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 14:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 14:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 19:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-12 11:53 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-12 11:53 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-12 11:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-12 11:53 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-12 11:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-12 11:53 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-12 11:53 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-12 11:53 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-12 11:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-12 11:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-12 11:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-12 11:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Hobbyist Software On-Off Helper"="c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" [2012-11-10 554520] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168] . c:\users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] [bU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320] R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-06 13352] R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736] R4 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176] R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-08-16 147563] R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104] R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456] S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208] S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688] S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 577824] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 270912] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-26 204288] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 Off-Helper;Off-Helper;c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [2012-11-10 6656] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-26 93712] S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [2011-07-27 25352] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2011-12-21 34304] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-28 28160] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720] . . Contents of the 'Scheduled Tasks' folder . 2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:37] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47] . 2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 8.8.4.4 192.168.0.1 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\4727F6C6C6: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\55375645869637: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\74971627D6164775946494: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\A4F696B6573507F647F5030323136454334463646413: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\1647441677E6: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\8405E2E65647: NameServer = 8.8.4.4,8.8.8.8 TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\D427E24527F6C6C6: NameServer = 8.8.4.4,8.8.8.8 . - - - - ORPHANS REMOVED - - - - . AddRemove-HijackThis - c:\users\Monkey\AppData\Local\Temp\HijackThis.exe . . . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Hobbyist Software\Off Remote Helper\mDNSResponder.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Remote Mouse\server\server.exe . ************************************************************************** . Completion time: 2012-11-16 23:16:16 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-16 22:16 ComboFix2.txt 2012-11-16 01:45 ComboFix3.txt 2012-11-15 23:59 . Pre-Run: 105,225,052,160 bytes free Post-Run: 104,984,256,512 bytes free . - - End Of File - - 5EB35750DE670B1BDF4A616A4BDED048 Farbar Service Scanner Version: 09-11-2012 Ran by Monkey (administrator) on 17-11-2012 at 16:03:22 Running from "C:\Users\Monkey\Downloads" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** MiniToolBox by Farbar Version: 10-11-2012 02 Ran by Monkey (administrator) on 17-11-2012 at 16:00:05 Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. ========================= Hosts content: ================================= 127.0.0.1 localhost =========================== Installed Programs ============================ 64 Bit HP CIO Components Installer (Version: 6.2.2) ABN AMRO e.dentifier2 software (Version: 02.00) Adobe AIR (Version: 3.0.0.4080) Adobe Flash Player 10 ActiveX (Version: 10.0.32.18) Adobe Flash Player 11 Plugin (Version: 11.4.402.287) Adobe Reader X (10.1.4) (Version: 10.1.4) AGEIA PhysX v7.11.13 (Version: 7.11.13) AMD APP SDK Runtime (Version: 10.0.831.4) AMD AVIVO64 Codecs (Version: 11.7.0.11109) AMD Catalyst Install Manager (Version: 3.0.855.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.61109.2218) Android SDK Tools (Version: 1.16) Apple Application Support (Version: 2.1.5) Apple Mobile Device Support (Version: 4.0.0.96) Apple Software Update (Version: 2.1.3.127) Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.18) Audacity 1.3.13 (Unicode) Audiosurf Auslogics Disk Defrag (Version: version 3.4) Auto Gordian Knot 2.55 (Version: 2.55) avast! Free Antivirus (Version: 7.0.1474.0) Avidemux 2.5 (Version: 2.5.6.7716) AviSynth 2.6 (Version: 2.6.0.2) BlueSoleil 8.0.370.0 (Version: 8.0.370.0) Bluetooth Stack for Windows by Toshiba (Version: v8.00.03(T) Premium Edition) Bonjour (Version: 3.0.0.10) Bulk Rename Utility 2.7.1.2 Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center (Version: 2011.1109.2212.39826) Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2212.39826) Catalyst Control Center InstallProxy (Version: 2011.1109.2212.39826) ccc-utility64 (Version: 2011.1109.2212.39826) CCC Help English (Version: 2011.1109.2211.39826) CCleaner (Version: 3.19) CDBurnerXP (Version: 4.4.0.2905) Combined Community Codec Pack 2011-07-30 (Version: 2011.07.30.0) Command & Conquer 3 (Version: 1.00.0000) Command & Conquer Generals (Version: 0.50.0000) Comodo Dragon (Version: 15.0) COMODO Internet Security (Version: 5.8.16726.2131) ConvertXtoDVD 4.1.10.348 (Version: 4.1.10.348) Core FTP LE CoreAVC Professional Edition (remove only) Counter-Strike: Source DAEMON Tools Lite (Version: 4.41.3.0173) Day of Defeat: Source Diablo III (Version: 1.0.4.11327) Dropbox (Version: 1.4.17) EASEUS Partition Master 9.1.0 Home Edition Elecard MPEG-2 PlugIn for WMP (Version: 5.0.111108) Empire Earth Empire Earth - The Art of Conquest Emsisoft Anti-Malware (Version: 7.0) eReg (Version: 1.20.138.34) ESET Online Scanner v3 Europe MapleStory EVEREST Home Edition v2.20 (Version: 2.20) F.E.A.R. 3 Facebook Video Calling 1.2.0.159 (Version: 1.2.159) FileZilla Client 3.5.3 (Version: 3.5.3) Flashtool (Version: 0.8.0.0) foobar2000 v1.1.8 (Version: 1.1.8) Fraps (remove only) GameRanger GIMP 2.6.11 (Version: 2.6.11) Google Chrome (Version: 23.0.1271.64) Google Talk Plugin (Version: 3.10.2.10212) Google Update Helper (Version: 1.3.21.123) Haali Media Splitter Half-Life 2 Half-Life 2: Episode One Half-Life 2: Episode Two Half-Life 2: Lost Coast Half-Life Dedicated Server Update Tool HD Tune 2.55 Heroes of Newerth (Version: 2.3.0) HijackThis 2.0.2 (Version: 2.0.2) HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (Version: 14.0) Huffyuv AVI lossless video codec (Remove Only) Hugin 2011.4.0 (Version: 2011.4.0 hg_cf9be9344356) ICQ7M (Version: 7.8) iExplorer 2.2.1.3 Image Data Converter (Version: 4.0.01.09151) iPhoneBrowser (Version: 1.9.3) IrfanView (remove only) (Version: 4.32) iTunes (Version: 10.5.0.142) Java 7 Update 9 (Version: 7.0.90) Java Auto Updater (Version: 2.1.9.0) Java 6 Update 31 (Version: 6.0.310) Lagarith Lossless Codec (1.3.27) League of Legends (Version: 1.3) Left 4 Dead 2 Left 4 Dead 2 Dedicated Server Logitech SetPoint 6.32 (Version: 6.32.20) LogMeIn Hamachi (Version: 2.1.0.215) Macromedia Dreamweaver 8 (Version: 8.0.0.2734) Macromedia Extension Manager (Version: 1.7.240) Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400) ManyCam 3.0.53 (remove only) (Version: 3.0.53) marvell 61xx (Version: 1.2.0.69) MediaInfo 0.7.50 (Version: 0.7.50) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Corporation (Version: 9.1.0.0) Microsoft LifeCam (Version: 3.22.270.0) Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Professional 2010 (Version: 14.0.4763.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Office Single Image 2010 (Version: 14.0.4763.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) MKVToolNix 5.6.0 (Version: 5.6.0) Movie Subtitles Searcher 1.0 (Version: 1.0) Mp3tag v2.49a (Version: v2.49a) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) My MP4Box GUI 0.5.5.4 (Version: 0.5.5.4) Neat Image v6.0 Pro+ Network64 (Version: 140.0.215.000) Nokia Connectivity Cable Driver (Version: 7.0.2.0) Notepad++ (Version: 5.9.5) Off Remote Helper On2 VP7 Personal Edition OpenAL Opera 12.02 (Version: 12.02.1578) Paint.NET v3.5.10 (Version: 3.60.0) Pando Media Booster (Version: 2.6.0.8) PC Connectivity Solution (Version: 8.22.7.0) Pdf Editor PDFCreator (Version: 1.2.3) plist Editor Pro 2.0.0 (Version: 2.0.0) Portal PS_AIO_06_B209a-m_SW_Min (Version: 140.0.690.000) QuickTime (Version: 7.71.80.42) RaceRoom Racing Experience Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0) Realtek High Definition Audio Driver (Version: 6.0.1.5904) Recuva (Version: 1.43) Remote Mouse version 1.09 (Version: 1.09) Sami HTTP Server 2.0.1 Scan (Version: 140.0.80.000) Serif PhotoPlus X4 (Version: 14.0.1.012) Serious Sam 2 Skype 5.6 (Version: 5.6.110) SMPlayer 0.8.0 (Version: 0.8.0) Sony Ericsson Update Service (Version: 2.11.12.5) Sony PC Companion 2.10.065 (Version: 2.10.065) Source Multiplayer Dedicated Server Spotify (Version: 0.8.5.1333.g822e0de8) Spybot - Search & Destroy (Version: 1.6.2) Steam (Version: 1.0.0.0) Subtitle Workshop 2.51 SUPER v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49) Team Fortress 2 Toolbox (Version: 140.0.428.000) Tunatic Universal Extractor 1.6.1 (Version: 1.6.1) Unreal Tournament 3: Black Edition Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) VLC (Version: 1.0.0.0) VLC media player 1.1.5 (Version: 1.1.5) VobSub v2.23 (Remove Only) Web Album Generator 1.8.2 Winamp (Version: 5.622 ) Winamp Detector Plug-in (Version: 1.0.0.1) Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0) WinRAR 4.01 (64-bit) (Version: 4.01.0) XviD MPEG4 Video Codec (remove only) Xvid Video Codec (Version: 1.3.2) **** End of log ****
  4. 3dtrooper
    About Office, I do not know as I did not install it personally myself. ComboFix 12-11-15.01 - Monkey 16/11/2012 2:36.2.4 - x64 NETWORK Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1033.18.6143.3771 [GMT 1:00] Running from: c:\users\Monkey\Desktop\ComboFix.exe Command switches used :: c:\users\Monkey\Desktop\CFScript.txt AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Emsisoft Anti-Malware *Enabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} SP: Emsisoft Anti-Malware *Enabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . FILE :: "c:\windows\SysWOW64\bscs.ini" "c:\windows\Tasks\AutoKMS.job" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWOW64\bscs.ini . . ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 ))))))))))))))))))))))))))))))) . . 2012-11-16 08:19 . 2012-11-16 08:19 -------- d-----w- C:\FRST 2012-11-16 01:42 . 2012-11-16 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-16 01:42 . 2012-11-16 01:42 -------- d-----w- c:\users\Adam\AppData\Local\temp 2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- c:\windows\ERUNT 2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- C:\JRT 2012-11-15 23:49 . 2012-11-15 23:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\offreg.dll 2012-11-15 22:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-11-15 21:50 . 2012-11-15 21:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-11-14 15:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\mpengine.dll 2012-11-11 21:34 . 2012-11-11 21:34 -------- d-----w- c:\users\Monkey\AppData\Local\Programs 2012-10-31 17:37 . 2012-10-31 17:37 -------- d-----w- c:\program files (x86)\PMSystem 2012-10-30 01:57 . 2012-10-30 01:57 -------- d-----w- c:\program files\Recuva 2012-10-29 19:38 . 2012-10-29 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-29 19:37 . 2012-10-29 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-29 19:37 . 2012-10-29 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-18 19:36 . 2012-10-22 07:48 -------- d-----w- C:\processing-1.5.1 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2011-10-24 22:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2011-10-24 22:24 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2011-10-24 22:24 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2011-10-24 22:24 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2011-10-24 22:24 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-10-24 22:24 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2011-10-24 22:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2011-10-24 22:24 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-29 19:37 . 2011-11-02 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-13 01:02 . 2011-10-25 09:06 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 13:37 . 2012-06-10 13:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 13:37 . 2011-10-24 23:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-14 20:57 . 2012-09-14 20:57 7026 ----a-w- c:\windows\smburl3b.vbs 2012-09-14 19:19 . 2012-10-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 11:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-07 15:04 . 2012-10-07 02:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 18:19 . 2012-10-12 11:54 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 11:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 11:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 11:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-12 11:52 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-12 11:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-23 01:01 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-23 01:01 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-23 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-23 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-23 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-23 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-23 01:01 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-23 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-23 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-23 01:01 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-23 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-23 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-23 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-23 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-23 01:01 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-23 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-23 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-23 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 14:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 14:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 14:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 14:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 19:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-12 11:53 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-12 11:53 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-12 11:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-12 11:53 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-12 11:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-12 11:53 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-12 11:53 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-12 11:53 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-12 11:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-12 11:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-12 11:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-12 11:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Hobbyist Software On-Off Helper"="c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" [2012-11-10 554520] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168] . c:\users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] [bU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-26 204288] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 Off-Helper;Off-Helper;c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [2012-11-10 6656] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320] R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-06 13352] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736] R4 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176] R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-08-16 147563] R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104] R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456] S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208] S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688] S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 577824] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 270912] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-26 93712] S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [2011-07-27 25352] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2011-12-21 34304] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-28 28160] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720] . . Contents of the 'Scheduled Tasks' folder . 2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:37] . 2012-11-15 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-15 22:50] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 8.8.4.4 192.168.0.1 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\4727F6C6C6: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\55375645869637: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\74971627D6164775946494: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\A4F696B6573507F647F5030323136454334463646413: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\1647441677E6: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\8405E2E65647: NameServer = 8.8.4.4,8.8.8.8 TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\D427E24527F6C6C6: NameServer = 8.8.4.4,8.8.8.8 . - - - - ORPHANS REMOVED - - - - . AddRemove-HijackThis - c:\users\Monkey\AppData\Local\Temp\HijackThis.exe . . . Completion time: 2012-11-16 02:45:52 ComboFix-quarantined-files.txt 2012-11-16 01:45 ComboFix2.txt 2012-11-15 23:59 . Pre-Run: 96,324,788,224 bytes free Post-Run: 96,020,811,776 bytes free . - - End Of File - - 6BB02244228988114E173204F94E8E0C # AdwCleaner v2.007 - Logfile created 11/16/2012 at 02:51:05 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Monkey - ANTEC900 # Boot Mode : Safe mode with networking # Running from : C:\Users\Monkey\Downloads\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\user.js Folder Deleted : C:\Users\Monkey\AppData\Roaming\pdfforge ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.2.1578.0 File : C:\Users\Adam\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. File : C:\Users\Monkey\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[R1].txt - [2102 octets] - [16/11/2012 02:50:51] AdwCleaner[s1].txt - [2057 octets] - [16/11/2012 02:51:05] ########## EOF - C:\AdwCleaner[s1].txt - [2117 octets] ########## Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.16.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Monkey :: ANTEC900 [administrator] 16/11/2012 02:58:25 mbam-log-2012-11-16 (02-58-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 230550 Time elapsed: 3 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) C:\Program Files (x86)\toolbar.exe Win32/Toolbar.Babylon application E:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab a variant of Win32/Toolbar.Babylon application E:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066 HTML/ScrInject.B.Gen virus E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e a variant of Java/Exploit.Agent.NDH trojan E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80 a variant of Java/Exploit.Agent.NDH trojan E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1 multiple threats E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612 a variant of OSX/Exploit.Smid.D trojan
  5. 3dtrooper
    I see a lot of "@Denied: (2) (Administrator)" with combofix should I try to re-run by right click and run as admin? Also emsisoft, comodo and avast were actually disabled. I don't know why it says otherwise.
  6. 3dtrooper
    Sorry, no code boxes this time. ComboFix 12-11-15.01 - Monkey 16/11/2012 0:45.1.4 - x64 NETWORK Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1033.18.6143.4371 [GMT 1:00] Running from: c:\users\Monkey\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Emsisoft Anti-Malware *Enabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} SP: Emsisoft Anti-Malware *Enabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\desktop.ini c:\users\Monkey\AppData\Roaming\vso_ts_preview.xml c:\windows\XSxS E:\install.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 ))))))))))))))))))))))))))))))) . . 2012-11-16 08:19 . 2012-11-16 08:19 -------- d-----w- C:\FRST 2012-11-15 23:56 . 2012-11-15 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-15 23:56 . 2012-11-15 23:56 -------- d-----w- c:\users\Adam\AppData\Local\temp 2012-11-15 23:49 . 2012-11-15 23:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\offreg.dll 2012-11-15 22:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-11-15 21:50 . 2012-11-15 21:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-11-14 15:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\mpengine.dll 2012-11-11 21:34 . 2012-11-11 21:34 -------- d-----w- c:\users\Monkey\AppData\Local\Programs 2012-10-31 17:37 . 2012-10-31 17:37 -------- d-----w- c:\program files (x86)\PMSystem 2012-10-30 01:57 . 2012-10-30 01:57 -------- d-----w- c:\program files\Recuva 2012-10-29 19:38 . 2012-10-29 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-10-29 19:37 . 2012-10-29 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-29 19:37 . 2012-10-29 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-18 19:36 . 2012-10-22 07:48 -------- d-----w- C:\processing-1.5.1 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2011-10-24 22:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2011-10-24 22:24 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2011-10-24 22:24 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2011-10-24 22:24 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2011-10-24 22:24 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-10-24 22:24 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2011-10-24 22:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2011-10-24 22:24 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-29 19:37 . 2011-11-02 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-13 01:02 . 2011-10-25 09:06 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 13:37 . 2012-06-10 13:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 13:37 . 2011-10-24 23:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-14 20:57 . 2012-09-14 20:57 7026 ----a-w- c:\windows\smburl3b.vbs 2012-09-14 19:19 . 2012-10-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 11:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-07 15:04 . 2012-10-07 02:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 18:19 . 2012-10-12 11:54 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 11:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 11:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 11:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-12 11:52 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-12 11:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-23 01:01 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-23 01:01 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-23 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-23 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-23 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-23 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-23 01:01 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-23 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-23 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-23 01:01 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-23 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-23 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-23 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-23 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-23 01:01 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-23 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-23 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-23 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-23 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-23 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 14:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 14:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 14:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 14:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-25 19:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-12 11:53 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-12 11:53 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-12 11:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-12 11:53 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-12 11:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-12 11:53 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-12 11:53 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-12 11:53 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-12 11:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-12 11:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-12 11:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-12 11:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Hobbyist Software On-Off Helper"="c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" [2012-11-10 554520] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168] . c:\users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-26 204288] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 Off-Helper;Off-Helper;c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [2012-11-10 6656] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320] R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-06 13352] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736] R4 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176] R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-08-16 147563] R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104] R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456] S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208] S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688] S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 577824] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 270912] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-26 93712] S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [2011-07-27 25352] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2011-12-21 34304] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-28 28160] S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720] . . Contents of the 'Scheduled Tasks' folder . 2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:37] . 2012-11-15 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-15 22:50] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 8.8.4.4 192.168.0.1 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\4727F6C6C6: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\55375645869637: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\74971627D6164775946494: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\A4F696B6573507F647F5030323136454334463646413: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\1647441677E6: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\8405E2E65647: NameServer = 8.8.4.4,8.8.8.8 TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\D427E24527F6C6C6: NameServer = 8.8.4.4,8.8.8.8 . - - - - ORPHANS REMOVED - - - - . Notify-LBTWlgn - (no file) AddRemove-HijackThis - c:\users\Monkey\AppData\Local\Temp\HijackThis.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c5, 02,9c,be,ec,0c,b1,9d,ba,17,8f,6b,f8,da "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,0e, 6c,c1,80,43,08,a2,e0,94,9a,f2,9c,68,5a "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e9, ae,10,58,36,07,ae,29,02,f3,03,cb,47,e6 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d2, c1,74,f2,34,0d,a8,7f,dc,65,c2,80,cd,b0 . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:a3,15,1f,eb,b8,11,cd,01 . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,1e,be,fb,ba,e0,b7,43,95,96,f0,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,1e,be,fb,ba,e0,b7,43,95,96,f0,\ . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice] @Denied: (2) (Administrator) "Progid"="mplayerc.ac3" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="mplayerc.asf" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="CCCP.MPC.AVI.1" "CCCP.Backup.Progid"="WMP11.AssocFile.AVI" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avs\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\mpc-hc.exe" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.CDA" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.FLAC" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="Opera.HTML" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="Opera.HTML" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\DTLite.exe" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice] @Denied: (2) (Administrator) "Progid"="mplayerc.m2ts" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.M4A" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (Administrator) "Progid"="mplayerc.m4v" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice] @Denied: (2) (Administrator) "Progid"="Opera.HTML" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="Opera.HTML" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice] @Denied: (2) (Administrator) "Progid"="CCCP.MPC.Matroska.1" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice] @Denied: (2) (Administrator) "Progid"="MPlayerFileVideo" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MP3" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (Administrator) "CCCP.Backup.Progid"="WMP11.AssocFile.MP4" "Progid"="CCCP.MPC.MP4.1" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="mplayerc.mpg" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice] @Denied: (2) (Administrator) "Progid"="mplayerc.mts" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\notepad++.exe" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.OGG" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice] @Denied: (2) (Administrator) "Progid"="CCCP.MPC.OGM.1" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice] @Denied: (2) (Administrator) "Progid"="MPlayerFileVideo" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice] @Denied: (2) (Administrator) "Progid"="MPlayerFileVideo" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (Administrator) "Progid"="Opera.Image" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice] @Denied: (2) (Administrator) "Progid"="mplayerc.ts" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="mplayerc.wav" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice] @Denied: (2) (Administrator) "Progid"="MPlayerFileVideo" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMA" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="mplayerc.wmv" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WPL" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WVX" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="Opera.HTML" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice] @Denied: (2) (Administrator) "Progid"="Opera.HTML" . [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="Opera.HTML" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-16 00:59:22 ComboFix-quarantined-files.txt 2012-11-15 23:59 . Pre-Run: 95,852,404,736 bytes free Post-Run: 95,545,159,680 bytes free . - - End Of File - - 1AAFCF8E3FF94B733D18E1A4CF5441F7 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.1.1 (11.15.2012) OS: Windows 7 Professional x64 Ran by Monkey on 16/11/2012 at 1:01:03.94 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1836503802-3605989020-1067039302-500\software\microsoft\internet explorer\searchscopes\\DefaultScope ~~~ Registry Keys Successfully deleted: [Registry Key] "hkey_classes_root\appid\babylonhelper.exe" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escort.dll" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortapp.dll" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escorteng.dll" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortlbr.dll" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\esrv.exe" Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylon_rasapi32" Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylon_rasmancs" Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32" Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs" Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasapi32" Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasmancs" Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ask" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16/11/2012 at 1:10:19.61 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. 3dtrooper
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012 Ran by SYSTEM at 16-11-2012 00:21:23 Running from E:\ Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor) HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9454920 2011-12-20] (COMODO) HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.) HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software) HKLM-x32\...\Run: [Hobbyist Software On-Off Helper] "C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" /startup [554520 2012-11-10] (Hobbyist Software) HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-10-26] (Nullsoft, Inc.) HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-09] (Advanced Micro Devices, Inc.) HKU\Adam\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin [x] HKU\Monkey\...\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [872448 2011-12-07] () HKU\Monkey\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd) HKLM-x32\...\RunOnce: [Z1] C:\Users\Monkey\Desktop\mbar\mbar.exe /cleanup /s [1341800 2012-11-08] (Malwarebytes Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) AppInit_DLLs: C:\Windows\system32\guard64.dll Tcpip\..\Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: [NameServer]8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: [NameServer]8.26.56.26,156.154.70.22 Startup: C:\Users\Monkey\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) =================== 4 a2AntiMalware; "C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe" [3084176 2012-10-06] (Emsisoft GmbH) 2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software) 4 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1017344 2011-08-16] (IVT Corporation) 4 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [199680 2011-08-16] (IVT Corporation) 4 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [147563 2011-08-16] (IVT Corporation) 2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2779416 2011-12-19] (COMODO) 2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation) 2 Off-Helper; C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [6656 2012-11-10] (Hobbyist Software) 4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) ==================== Drivers (Whitelisted) ===================== 3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) 1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [23208 2011-05-19] (Emsi Software GmbH) 1 a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH) 1 a2util; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [14720 2010-05-04] (Emsi Software GmbH) 2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software) 2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software) 1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software) 1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software) 1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software) 1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software) 3 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.) 3 BlueletAudio; C:\Windows\SysWow64\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.) 3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2010-08-18] (IVT Corporation.) 3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.) 3 BTCOMBUS; C:\Windows\System32\Drivers\BTCOMBUS.sys [25352 2011-07-27] (IVT Corporation.) 3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42888 2011-07-27] (IVT Corporation.) 0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24456 2011-07-27] (IVT Corporation.) 3 btnetBUs; C:\Windows\System32\Drivers\btnetBUs.sys [30088 2010-04-06] () 1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-01-17] (COMODO) 1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2011-12-19] (COMODO) 1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-10-24] (DT Soft Ltd) 3 e.dentifier2; C:\Windows\System32\DRIVERS\aabed2.sys [28672 2008-03-20] (Todos Data System AB) 3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () 3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () 1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO) 3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBUs.sys [27016 2010-04-06] (IVT Corporation.) 3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2011-12-20] (ManyCam LLC) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation) 3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-27] (ManyCam LLC) 3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] () 0 mv61xx; C:\Windows\System32\Drivers\mv61xx.sys [178728 2009-05-11] (Marvell Semiconductor, Inc.) 0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-05-19] (Duplex Secure Ltd.) 3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-11-16 00:19 - 2012-11-16 00:19 - 00000000 ____D C:\FRST 2012-11-15 14:59 - 2012-11-15 15:09 - 00000000 ____D C:\Users\Monkey\Desktop\mbar 2012-11-15 14:59 - 2012-11-15 14:59 - 12961620 ____A C:\Users\Monkey\Downloads\mbar-1.01.0.1009.zip 2012-11-15 14:52 - 2012-11-15 14:52 - 00683048 ____A ( ) C:\Users\Monkey\Downloads\Chip_Downloader_HijackThis_2.0.4.exe 2012-11-15 14:11 - 2012-11-15 14:11 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job 2012-11-15 14:11 - 2012-10-15 08:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys 2012-11-15 13:50 - 2012-11-15 13:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2012-11-14 16:28 - 2012-10-21 06:22 - 499797321 ____A C:\Users\Monkey\Desktop\happy.endings.3x01.cazsh.dummy.spillionaires.mkv 2012-11-14 16:14 - 2012-10-28 18:01 - 563583300 ____A C:\Users\Monkey\Desktop\happy.endings.3x02.sabado.free.gante.mkv 2012-11-14 16:13 - 2012-11-11 20:01 - 626190413 ____A C:\Users\Monkey\Desktop\happy.endings.3x03.boyz.ii.menorah.mkv 2012-11-14 15:24 - 2012-11-14 15:24 - 00000000 ____A C:\Users\Monkey\Desktop\New AviSynth Script.avs 2012-11-11 14:00 - 2012-11-11 14:00 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Mozilla 2012-11-11 13:58 - 2012-11-11 13:58 - 57739236 ____A C:\Users\Monkey\Desktop\SONIC SYNDICATE - Revolution Baby Official Video.mp4 2012-11-11 13:50 - 2012-11-11 13:50 - 103582291 ____A C:\Users\Monkey\Desktop\Sonic Syndicate - Denied (Official Music Video) [HD].mp4 2012-10-31 09:37 - 2012-10-31 09:37 - 00000000 ____D C:\Program Files (x86)\PMSystem 2012-10-29 17:57 - 2012-10-29 17:57 - 00000000 ____D C:\Program Files\Recuva 2012-10-29 11:37 - 2012-10-29 11:37 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-10-29 11:37 - 2012-10-29 11:37 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-10-29 11:37 - 2012-10-29 11:37 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2012-10-29 11:35 - 2012-10-29 11:35 - 00895464 ____A (Oracle Corporation) C:\Users\Monkey\Downloads\chromeinstall-7u9.exe 2012-10-27 17:01 - 2012-10-27 17:02 - 107510746 ____A C:\Users\Monkey\Desktop\dimmu_borgir-dimmu_borgir-dvdrip-x264-2010-srp.mkv 2012-10-25 12:13 - 2012-10-25 12:13 - 00000713 ____A C:\Users\Monkey\Documents\index.php 2012-10-22 08:10 - 2012-10-22 08:24 - 00000000 ____D C:\Users\Monkey\Documents\apple3-142 2012-10-18 11:36 - 2012-10-21 23:48 - 00000000 ____D C:\processing-1.5.1 ==================== One Month Modified Files and Folders ======= 2012-11-16 00:19 - 2012-11-16 00:19 - 00000000 ____D C:\FRST 2012-11-15 15:12 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI 2012-11-15 15:09 - 2012-11-15 14:59 - 00000000 ____D C:\Users\Monkey\Desktop\mbar 2012-11-15 15:09 - 2012-09-10 12:35 - 00000000 ___RD C:\Users\Monkey\Dropbox 2012-11-15 15:09 - 2012-09-10 12:32 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Dropbox 2012-11-15 14:59 - 2012-11-15 14:59 - 12961620 ____A C:\Users\Monkey\Downloads\mbar-1.01.0.1009.zip 2012-11-15 14:52 - 2012-11-15 14:52 - 00683048 ____A ( ) C:\Users\Monkey\Downloads\Chip_Downloader_HijackThis_2.0.4.exe 2012-11-15 14:33 - 2012-07-08 12:20 - 00006174 ____A C:\Windows\PFRO.log 2012-11-15 14:25 - 2012-03-27 15:07 - 00000000 ____D C:\Users\All Users\SpeedBit 2012-11-15 14:23 - 2012-10-06 18:36 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-11-15 14:23 - 2012-01-22 12:38 - 00000000 ____D C:\Users\Monkey\AppData\Local\LogMeIn Hamachi 2012-11-15 14:23 - 2011-10-24 16:40 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\DAEMON Tools Lite 2012-11-15 14:17 - 2012-10-06 18:49 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2012-11-15 14:13 - 2011-10-26 13:04 - 00000000 ____D C:\Windows\pss 2012-11-15 14:11 - 2012-11-15 14:11 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job 2012-11-15 14:11 - 2011-10-24 14:24 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2012-11-15 13:59 - 2011-10-24 14:24 - 00001028 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-11-15 13:57 - 2011-10-24 23:22 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\uTorrent 2012-11-15 13:57 - 2011-10-24 14:24 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-11-15 13:56 - 2011-10-25 08:48 - 00000202 ____A C:\Windows\Tasks\AutoKMS.job 2012-11-15 13:56 - 2011-08-16 08:47 - 00001193 ____A C:\Windows\SysWOW64\bscs.ini 2012-11-15 13:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-15 13:55 - 2012-06-30 15:54 - 00022352 ____A C:\Windows\setupact.log 2012-11-15 13:50 - 2012-11-15 13:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2012-11-15 13:44 - 2011-10-25 01:15 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Skype 2012-11-15 13:37 - 2012-06-10 05:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-11-15 13:37 - 2011-10-25 01:11 - 00000000 ____D C:\Program Files (x86)\Steam 2012-11-15 13:21 - 2012-01-19 16:19 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job 2012-11-15 13:00 - 2012-06-06 10:32 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job 2012-11-15 12:26 - 2011-10-14 13:55 - 01195560 ____A C:\Windows\WindowsUpdate.log 2012-11-15 10:05 - 2009-07-13 20:45 - 00022224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-15 10:05 - 2009-07-13 20:45 - 00022224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-15 07:21 - 2012-01-19 16:19 - 00000908 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job 2012-11-15 05:00 - 2012-06-06 10:32 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job 2012-11-14 16:31 - 2011-10-25 08:48 - 00000202 ____A C:\Windows\Tasks\AutoKMSDaily.job 2012-11-14 15:24 - 2012-11-14 15:24 - 00000000 ____A C:\Users\Monkey\Desktop\New AviSynth Script.avs 2012-11-11 20:01 - 2012-11-14 16:13 - 626190413 ____A C:\Users\Monkey\Desktop\happy.endings.3x03.boyz.ii.menorah.mkv 2012-11-11 14:00 - 2012-11-11 14:00 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Mozilla 2012-11-11 13:58 - 2012-11-11 13:58 - 57739236 ____A C:\Users\Monkey\Desktop\SONIC SYNDICATE - Revolution Baby Official Video.mp4 2012-11-11 13:50 - 2012-11-11 13:50 - 103582291 ____A C:\Users\Monkey\Desktop\Sonic Syndicate - Denied (Official Music Video) [HD].mp4 2012-11-01 06:06 - 2011-10-25 12:48 - 00000000 ____D C:\Users\Monkey\AppData\Local\Paint.NET 2012-10-31 09:37 - 2012-10-31 09:37 - 00000000 ____D C:\Program Files (x86)\PMSystem 2012-10-30 16:45 - 2012-09-04 13:40 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\FileZilla 2012-10-30 16:43 - 2012-09-18 14:44 - 00000000 ____D C:\Users\Monkey\Documents\port site 2012-10-30 14:51 - 2011-10-24 14:24 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2012-10-30 14:51 - 2011-10-24 14:24 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2012-10-30 14:51 - 2011-10-24 14:24 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2012-10-30 14:51 - 2011-10-24 14:24 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys 2012-10-30 14:51 - 2011-10-24 14:24 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr 2012-10-30 14:51 - 2011-10-24 14:24 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys 2012-10-30 14:50 - 2011-10-24 14:24 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe 2012-10-30 14:50 - 2011-10-24 14:24 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe 2012-10-30 10:41 - 2011-10-27 17:33 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\vlc 2012-10-30 09:43 - 2012-09-06 10:56 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Spotify 2012-10-30 09:32 - 2012-09-06 10:56 - 00000000 ____D C:\Users\Monkey\AppData\Local\Spotify 2012-10-29 18:38 - 2012-09-16 02:59 - 00000600 ____A C:\Users\Monkey\AppData\Local\PUTTY.RND 2012-10-29 17:57 - 2012-10-29 17:57 - 00000000 ____D C:\Program Files\Recuva 2012-10-29 11:37 - 2012-10-29 11:37 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-10-29 11:37 - 2012-10-29 11:37 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-10-29 11:37 - 2012-10-29 11:37 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2012-10-29 11:37 - 2011-11-01 16:15 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2012-10-29 11:36 - 2011-11-01 16:15 - 00000000 ____D C:\Program Files (x86)\Java 2012-10-29 11:35 - 2012-10-29 11:35 - 00895464 ____A (Oracle Corporation) C:\Users\Monkey\Downloads\chromeinstall-7u9.exe 2012-10-28 18:01 - 2012-11-14 16:14 - 563583300 ____A C:\Users\Monkey\Desktop\happy.endings.3x02.sabado.free.gante.mkv 2012-10-27 17:02 - 2012-10-27 17:01 - 107510746 ____A C:\Users\Monkey\Desktop\dimmu_borgir-dimmu_borgir-dvdrip-x264-2010-srp.mkv 2012-10-26 06:40 - 2011-10-28 13:48 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Audacity 2012-10-26 05:02 - 2011-10-28 10:54 - 00000000 ____D C:\Program Files (x86)\MeGUI_2050_x86 2012-10-25 12:13 - 2012-10-25 12:13 - 00000713 ____A C:\Users\Monkey\Documents\index.php 2012-10-24 13:11 - 2012-03-09 10:59 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\CoreFTP 2012-10-22 08:24 - 2012-10-22 08:10 - 00000000 ____D C:\Users\Monkey\Documents\apple3-142 2012-10-21 23:48 - 2012-10-18 11:36 - 00000000 ____D C:\processing-1.5.1 2012-10-21 23:48 - 2012-10-06 10:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-10-21 23:48 - 2012-01-19 13:22 - 00000000 ____D C:\Users\Monkey\.smplayer 2012-10-21 23:48 - 2011-12-07 13:27 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Winamp 2012-10-21 23:48 - 2011-11-03 18:39 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\IrfanView 2012-10-21 23:48 - 2011-10-24 12:45 - 00000000 ____D C:\users\Adam 2012-10-21 23:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2012-10-21 14:01 - 2011-10-24 14:16 - 00000000 ____D C:\users\Monkey 2012-10-21 06:22 - 2012-11-14 16:28 - 499797321 ____A C:\Users\Monkey\Desktop\happy.endings.3x01.cazsh.dummy.spillionaires.mkv ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-10-29 11:36:41 Restore point made on: 2012-10-30 06:42:34 Restore point made on: 2012-11-11 13:39:10 ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 6143.05 MB Available physical RAM: 5412.45 MB Total Pagefile: 6141.25 MB Available Pagefile: 5403.07 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: (320GB WINSAMS) (Fixed) (Total:298.09 GB) (Free:89.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] 2 Drive d: (SeaGate) (Fixed) (Total:931.51 GB) (Free:206 GB) NTFS ==>[System with boot components (obtained from reading drive)] 3 Drive e: () (Removable) (Total:7.48 GB) (Free:1.43 GB) NTFS 4 Drive f: () (Fixed) (Total:149.04 GB) (Free:6.39 GB) NTFS 10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Last Boot: 2012-11-14 18:44 ==================== End Of Log =============================
  8. 3dtrooper
    Hi! Not long ago I was infected by a police ransomware that locked my pc. I was able to clean it somewhat but since then my pc has never been the same. I have problems booting and things freeze way too often. Often when booting many services are not able to start!! (avast engine, comdo firewall engine, windows aero, etc) I have tried cleaning with malwarebytes, spybot, and emsisoft. I tried to start the aero service and I get the error: 1084 service cannot be started in safe mode (eventhough I am not in safe mode) Any help would be greatly appreciated. Thank you. Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:52:45, on 15/11/2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Remote Mouse\server\server.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Monkey\AppData\Local\Temp\app.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: OKOKO7777KOS O1 - Hosts: 94.242.221.200 my.mail.ru O1 - Hosts: 94.242.221.200 m.my.mail.ru O1 - Hosts: 94.242.221.200 vk.com O1 - Hosts: 94.242.221.200 m.vk.com O1 - Hosts: 94.242.221.200 odnoklassniki.ru O1 - Hosts: 94.242.221.200 www.odnoklassniki.ru O1 - Hosts: 94.242.221.200 m.odnoklassniki.ru O1 - Hosts: 94.242.221.200 ok.ru O1 - Hosts: 94.242.221.200 m.ok.ru O1 - Hosts: 94.242.221.200 vk.com O1 - Hosts: 94.242.221.200 www.odnoklassniki.ru O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Hobbyist Software On-Off Helper] "C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" /startup O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = C:\Users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google frissítési szolgáltatás (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google frissítés Szolgáltatás (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Off-Helper - Hobbyist Software - C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10215 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.