
3dtrooper


Posts posted by 3dtrooper

  1. I have a problem: I cannot access this thread from the PC (that's why the late reply). I am posting from my phone.

    I had these DNS servers set, even though I did not put them there. I usually have Google DNS (8.8.8.8):

    8.26.56.26

    156.154.70.22

    So I changed it back to Google's, but I still cannot access the thread (the rest of the website is OK).

    Chrome says "connection reset", and Opera says "Connection closed by remote server".

    Something strange is going on.

    Here are the logs:

    ComboFix 12-11-16.02 - Monkey 16/11/2012 22:53:20.3.4 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1033.18.6143.1723 [GMT 1:00]

    Running from: c:\users\Monkey\Desktop\ComboFix.exe

    Command switches used :: c:\users\Monkey\Desktop\CFScript.txt

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: Emsisoft Anti-Malware *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

    SP: Emsisoft Anti-Malware *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    "c:\program files (x86)\toolbar.exe"

    "e:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab"

    "e:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066"

    "e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e"

    "e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80"

    "e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1"

    "e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612"

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files (x86)\toolbar.exe

    e:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab

    e:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066

    e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e

    e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80

    e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1

    e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612

    .

    Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected

    Restored copy from - c:\windows\erdnt\cache86\userinit.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))

    .

    .

    2012-11-16 22:04 . 2012-11-16 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-11-16 22:04 . 2012-11-16 22:04 -------- d-----w- c:\users\Adam\AppData\Local\temp

    2012-11-16 08:19 . 2012-11-16 08:19 -------- d-----w- C:\FRST

    2012-11-16 02:03 . 2012-11-16 02:03 -------- d-----w- c:\program files (x86)\ESET

    2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- c:\windows\ERUNT

    2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- C:\JRT

    2012-11-15 22:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2012-11-15 21:50 . 2012-11-15 21:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

    2012-11-14 15:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\mpengine.dll

    2012-11-11 21:34 . 2012-11-11 21:34 -------- d-----w- c:\users\Monkey\AppData\Local\Programs

    2012-10-31 17:37 . 2012-10-31 17:37 -------- d-----w- c:\program files (x86)\PMSystem

    2012-10-30 01:57 . 2012-10-30 01:57 -------- d-----w- c:\program files\Recuva

    2012-10-29 19:38 . 2012-10-29 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java

    2012-10-29 19:37 . 2012-10-29 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-10-29 19:37 . 2012-10-29 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-10-18 19:36 . 2012-10-22 07:48 -------- d-----w- C:\processing-1.5.1

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-30 22:51 . 2011-10-24 22:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-10-30 22:51 . 2011-10-24 22:24 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-10-30 22:51 . 2011-10-24 22:24 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-10-30 22:51 . 2011-10-24 22:24 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-10-30 22:51 . 2011-10-24 22:24 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-10-30 22:51 . 2011-10-24 22:24 41224 ----a-w- c:\windows\avastSS.scr

    2012-10-30 22:50 . 2011-10-24 22:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

    2012-10-30 22:50 . 2011-10-24 22:24 285328 ----a-w- c:\windows\system32\aswBoot.exe

    2012-10-29 19:37 . 2011-11-02 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-10-13 01:02 . 2011-10-25 09:06 65309168 ----a-w- c:\windows\system32\MRT.exe

    2012-10-09 13:37 . 2012-06-10 13:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-10-09 13:37 . 2011-10-24 23:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-09-14 20:57 . 2012-09-14 20:57 7026 ----a-w- c:\windows\smburl3b.vbs

    2012-09-14 19:19 . 2012-10-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-12 11:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-09-07 15:04 . 2012-10-07 02:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-31 18:19 . 2012-10-12 11:54 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

    2012-08-30 18:03 . 2012-10-12 11:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-08-30 17:12 . 2012-10-12 11:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-08-30 17:12 . 2012-10-12 11:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-08-24 18:05 . 2012-10-12 11:52 220160 ----a-w- c:\windows\system32\wintrust.dll

    2012-08-24 16:57 . 2012-10-12 11:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

    2012-08-24 11:15 . 2012-09-23 01:01 17810944 ----a-w- c:\windows\system32\mshtml.dll

    2012-08-24 10:39 . 2012-09-23 01:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-08-24 10:31 . 2012-09-23 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

    2012-08-24 10:22 . 2012-09-23 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

    2012-08-24 10:21 . 2012-09-23 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll

    2012-08-24 10:20 . 2012-09-23 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-08-24 10:18 . 2012-09-23 01:01 237056 ----a-w- c:\windows\system32\url.dll

    2012-08-24 10:17 . 2012-09-23 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

    2012-08-24 10:14 . 2012-09-23 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-08-24 10:14 . 2012-09-23 01:01 816640 ----a-w- c:\windows\system32\jscript.dll

    2012-08-24 10:13 . 2012-09-23 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll

    2012-08-24 10:12 . 2012-09-23 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

    2012-08-24 10:11 . 2012-09-23 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

    2012-08-24 10:10 . 2012-09-23 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2012-08-24 10:09 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-08-24 10:04 . 2012-09-23 01:01 248320 ----a-w- c:\windows\system32\ieui.dll

    2012-08-24 06:59 . 2012-09-23 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-08-24 06:51 . 2012-09-23 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-08-24 06:51 . 2012-09-23 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-08-24 06:47 . 2012-09-23 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-08-24 06:47 . 2012-09-23 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

    2012-08-24 06:43 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2012-08-22 18:12 . 2012-09-12 14:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-08-22 18:12 . 2012-09-12 14:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

    2012-08-22 18:12 . 2012-09-12 14:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

    2012-08-22 18:12 . 2012-09-12 14:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2012-08-21 21:01 . 2012-09-25 19:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

    2012-08-20 18:48 . 2012-10-12 11:53 362496 ----a-w- c:\windows\system32\wow64win.dll

    2012-08-20 18:48 . 2012-10-12 11:53 243200 ----a-w- c:\windows\system32\wow64.dll

    2012-08-20 18:48 . 2012-10-12 11:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll

    2012-08-20 18:48 . 2012-10-12 11:53 215040 ----a-w- c:\windows\system32\winsrv.dll

    2012-08-20 18:48 . 2012-10-12 11:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll

    2012-08-20 18:48 . 2012-10-12 11:53 424448 ----a-w- c:\windows\system32\KernelBase.dll

    2012-08-20 18:48 . 2012-10-12 11:53 1162240 ----a-w- c:\windows\system32\kernel32.dll

    2012-08-20 18:46 . 2012-10-12 11:53 338432 ----a-w- c:\windows\system32\conhost.exe

    2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

    2012-08-20 17:40 . 2012-10-12 11:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

    2012-08-20 17:38 . 2012-10-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-08-20 17:38 . 2012-10-12 11:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe

    2012-08-20 17:37 . 2012-10-12 11:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll

    2012-08-20 17:37 . 2012-10-12 11:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    "Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

    "Hobbyist Software On-Off Helper"="c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" [2012-11-10 554520]

    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]

    .

    c:\users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

    [bU]

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]

    R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672]

    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-06 13352]

    R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]

    R4 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176]

    R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-08-16 147563]

    R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104]

    R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

    R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456]

    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

    S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]

    S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 577824]

    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 270912]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-26 204288]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

    S2 Off-Helper;Off-Helper;c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [2012-11-10 6656]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-26 93712]

    S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [2011-07-27 25352]

    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088]

    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]

    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2011-12-21 34304]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-28 28160]

    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:37]

    .

    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

    .

    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

    .

    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job

    - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

    .

    2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job

    - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=c:\windows\System32\guard64.dll

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = about:blank

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 8.8.4.4 192.168.0.1

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\4727F6C6C6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\55375645869637: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\74971627D6164775946494: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\A4F696B6573507F647F5030323136454334463646413: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22

    TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\1647441677E6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\8405E2E65647: NameServer = 8.8.4.4,8.8.8.8

    TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\D427E24527F6C6C6: NameServer = 8.8.4.4,8.8.8.8

    .

    - - - - ORPHANS REMOVED - - - -

    .

    AddRemove-HijackThis - c:\users\Monkey\AppData\Local\Temp\HijackThis.exe

    .

    .

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Hobbyist Software\Off Remote Helper\mDNSResponder.exe

    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\program files (x86)\Remote Mouse\server\server.exe

    .

    **************************************************************************

    .

    Completion time: 2012-11-16 23:16:16 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-11-16 22:16

    ComboFix2.txt 2012-11-16 01:45

    ComboFix3.txt 2012-11-15 23:59

    .

    Pre-Run: 105,225,052,160 bytes free

    Post-Run: 104,984,256,512 bytes free

    .

    - - End Of File - - 5EB35750DE670B1BDF4A616A4BDED048

    Farbar Service Scanner Version: 09-11-2012

    Ran by Monkey (administrator) on 17-11-2012 at 16:03:22

    Running from "C:\Users\Monkey\Downloads"

    Windows 7 Professional Service Pack 1 (X64)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Google IP is accessible.

    Google.com is accessible.

    Yahoo IP is accessible.

    Yahoo.com is accessible.

    Windows Firewall:

    =============

    Firewall Disabled Policy:

    ==================

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall"=DWORD:0

    System Restore:

    ============

    System Restore Disabled Policy:

    ========================

    Action Center:

    ============

    Windows Update:

    ============

    Windows Autoupdate Disabled Policy:

    ============================

    Windows Defender:

    ==============

    Other Services:

    ==============

    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => MD5 is legit

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\System32\dhcpcore.dll => MD5 is legit

    C:\Windows\System32\drivers\afd.sys => MD5 is legit

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit

    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit

    C:\Windows\System32\mpssvc.dll => MD5 is legit

    C:\Windows\System32\bfe.dll => MD5 is legit

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\System32\SDRSVC.dll => MD5 is legit

    C:\Windows\System32\vssvc.exe => MD5 is legit

    C:\Windows\System32\wscsvc.dll => MD5 is legit

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\System32\wuaueng.dll => MD5 is legit

    C:\Windows\System32\qmgr.dll => MD5 is legit

    C:\Windows\System32\es.dll => MD5 is legit

    C:\Windows\System32\cryptsvc.dll => MD5 is legit

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

    MiniToolBox by Farbar Version: 10-11-2012 02

    Ran by Monkey (administrator) on 17-11-2012 at 16:00:05

    Windows 7 Professional Service Pack 1 (X64)

    Boot Mode: Normal

    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.

    No Proxy Server is set.

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    =========================== Installed Programs ============================

    64 Bit HP CIO Components Installer (Version: 6.2.2)

    ABN AMRO e.dentifier2 software (Version: 02.00)

    Adobe AIR (Version: 3.0.0.4080)

    Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)

    Adobe Flash Player 11 Plugin (Version: 11.4.402.287)

    Adobe Reader X (10.1.4) (Version: 10.1.4)

    AGEIA PhysX v7.11.13 (Version: 7.11.13)

    AMD APP SDK Runtime (Version: 10.0.831.4)

    AMD AVIVO64 Codecs (Version: 11.7.0.11109)

    AMD Catalyst Install Manager (Version: 3.0.855.0)

    AMD Drag and Drop Transcoding (Version: 2.00.0000)

    AMD Media Foundation Decoders (Version: 1.0.61109.2218)

    Android SDK Tools (Version: 1.16)

    Apple Application Support (Version: 2.1.5)

    Apple Mobile Device Support (Version: 4.0.0.96)

    Apple Software Update (Version: 2.1.3.127)

    Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.18)

    Audacity 1.3.13 (Unicode)

    Audiosurf

    Auslogics Disk Defrag (Version: version 3.4)

    Auto Gordian Knot 2.55 (Version: 2.55)

    avast! Free Antivirus (Version: 7.0.1474.0)

    Avidemux 2.5 (Version: 2.5.6.7716)

    AviSynth 2.6 (Version: 2.6.0.2)

    BlueSoleil 8.0.370.0 (Version: 8.0.370.0)

    Bluetooth Stack for Windows by Toshiba (Version: v8.00.03(T) Premium Edition)

    Bonjour (Version: 3.0.0.10)

    Bulk Rename Utility 2.7.1.2

    Catalyst Control Center - Branding (Version: 1.00.0000)

    Catalyst Control Center (Version: 2011.1109.2212.39826)

    Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2212.39826)

    Catalyst Control Center InstallProxy (Version: 2011.1109.2212.39826)

    ccc-utility64 (Version: 2011.1109.2212.39826)

    CCC Help English (Version: 2011.1109.2211.39826)

    CCleaner (Version: 3.19)

    CDBurnerXP (Version: 4.4.0.2905)

    Combined Community Codec Pack 2011-07-30 (Version: 2011.07.30.0)

    Command & Conquer 3 (Version: 1.00.0000)

    Command & Conquer Generals (Version: 0.50.0000)

    Comodo Dragon (Version: 15.0)

    COMODO Internet Security (Version: 5.8.16726.2131)

    ConvertXtoDVD 4.1.10.348 (Version: 4.1.10.348)

    Core FTP LE

    CoreAVC Professional Edition (remove only)

    Counter-Strike: Source

    DAEMON Tools Lite (Version: 4.41.3.0173)

    Day of Defeat: Source

    Diablo III (Version: 1.0.4.11327)

    Dropbox (Version: 1.4.17)

    EASEUS Partition Master 9.1.0 Home Edition

    Elecard MPEG-2 PlugIn for WMP (Version: 5.0.111108)

    Empire Earth

    Empire Earth - The Art of Conquest

    Emsisoft Anti-Malware (Version: 7.0)

    eReg (Version: 1.20.138.34)

    ESET Online Scanner v3

    Europe MapleStory

    EVEREST Home Edition v2.20 (Version: 2.20)

    F.E.A.R. 3

    Facebook Video Calling 1.2.0.159 (Version: 1.2.159)

    FileZilla Client 3.5.3 (Version: 3.5.3)

    Flashtool (Version: 0.8.0.0)

    foobar2000 v1.1.8 (Version: 1.1.8)

    Fraps (remove only)

    GameRanger

    GIMP 2.6.11 (Version: 2.6.11)

    Google Chrome (Version: 23.0.1271.64)

    Google Talk Plugin (Version: 3.10.2.10212)

    Google Update Helper (Version: 1.3.21.123)

    Haali Media Splitter

    Half-Life 2

    Half-Life 2: Episode One

    Half-Life 2: Episode Two

    Half-Life 2: Lost Coast

    Half-Life Dedicated Server Update Tool

    HD Tune 2.55

    Heroes of Newerth (Version: 2.3.0)

    HijackThis 2.0.2 (Version: 2.0.2)

    HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (Version: 14.0)

    Huffyuv AVI lossless video codec (Remove Only)

    Hugin 2011.4.0 (Version: 2011.4.0 hg_cf9be9344356)

    ICQ7M (Version: 7.8)

    iExplorer 2.2.1.3

    Image Data Converter (Version: 4.0.01.09151)

    iPhoneBrowser (Version: 1.9.3)

    IrfanView (remove only) (Version: 4.32)

    iTunes (Version: 10.5.0.142)

    Java 7 Update 9 (Version: 7.0.90)

    Java Auto Updater (Version: 2.1.9.0)

    Java 6 Update 31 (Version: 6.0.310)

    Lagarith Lossless Codec (1.3.27)

    League of Legends (Version: 1.3)

    Left 4 Dead 2

    Left 4 Dead 2 Dedicated Server

    Logitech SetPoint 6.32 (Version: 6.32.20)

    LogMeIn Hamachi (Version: 2.1.0.215)

    Macromedia Dreamweaver 8 (Version: 8.0.0.2734)

    Macromedia Extension Manager (Version: 1.7.240)

    Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)

    ManyCam 3.0.53 (remove only) (Version: 3.0.53)

    marvell 61xx (Version: 1.2.0.69)

    MediaInfo 0.7.50 (Version: 0.7.50)

    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

    Microsoft Corporation (Version: 9.1.0.0)

    Microsoft LifeCam (Version: 3.22.270.0)

    Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)

    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Professional 2010 (Version: 14.0.4763.1000)

    Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Office Single Image 2010 (Version: 14.0.4763.1000)

    Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)

    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)

    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

    MKVToolNix 5.6.0 (Version: 5.6.0)

    Movie Subtitles Searcher 1.0 (Version: 1.0)

    Mp3tag v2.49a (Version: v2.49a)

    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

    My MP4Box GUI 0.5.5.4 (Version: 0.5.5.4)

    Neat Image v6.0 Pro+

    Network64 (Version: 140.0.215.000)

    Nokia Connectivity Cable Driver (Version: 7.0.2.0)

    Notepad++ (Version: 5.9.5)

    Off Remote Helper

    On2 VP7 Personal Edition

    OpenAL

    Opera 12.02 (Version: 12.02.1578)

    Paint.NET v3.5.10 (Version: 3.60.0)

    Pando Media Booster (Version: 2.6.0.8)

    PC Connectivity Solution (Version: 8.22.7.0)

    Pdf Editor

    PDFCreator (Version: 1.2.3)

    plist Editor Pro 2.0.0 (Version: 2.0.0)

    Portal

    PS_AIO_06_B209a-m_SW_Min (Version: 140.0.690.000)

    QuickTime (Version: 7.71.80.42)

    RaceRoom Racing Experience

    Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0)

    Realtek High Definition Audio Driver (Version: 6.0.1.5904)

    Recuva (Version: 1.43)

    Remote Mouse version 1.09 (Version: 1.09)

    Sami HTTP Server 2.0.1

    Scan (Version: 140.0.80.000)

    Serif PhotoPlus X4 (Version: 14.0.1.012)

    Serious Sam 2

    Skype 5.6 (Version: 5.6.110)

    SMPlayer 0.8.0 (Version: 0.8.0)

    Sony Ericsson Update Service (Version: 2.11.12.5)

    Sony PC Companion 2.10.065 (Version: 2.10.065)

    Source Multiplayer Dedicated Server

    Spotify (Version: 0.8.5.1333.g822e0de8)

    Spybot - Search & Destroy (Version: 1.6.2)

    Steam (Version: 1.0.0.0)

    Subtitle Workshop 2.51

    SUPER v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)

    Team Fortress 2

    Toolbox (Version: 140.0.428.000)

    Tunatic

    Universal Extractor 1.6.1 (Version: 1.6.1)

    Unreal Tournament 3: Black Edition

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

    Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

    Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

    Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

    VLC (Version: 1.0.0.0)

    VLC media player 1.1.5 (Version: 1.1.5)

    VobSub v2.23 (Remove Only)

    Web Album Generator 1.8.2

    Winamp (Version: 5.622 )

    Winamp Detector Plug-in (Version: 1.0.0.1)

    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)

    WinRAR 4.01 (64-bit) (Version: 4.01.0)

    XviD MPEG4 Video Codec (remove only)

    Xvid Video Codec (Version: 1.3.2)

    **** End of log ****

  2. About Office, I do not know, as I did not install it personally myself.

    ComboFix 12-11-15.01 - Monkey 16/11/2012 2:36.2.4 - x64 NETWORK

    Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1033.18.6143.3771 [GMT 1:00]

    Running from: c:\users\Monkey\Desktop\ComboFix.exe

    Command switches used :: c:\users\Monkey\Desktop\CFScript.txt

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: Emsisoft Anti-Malware *Enabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

    SP: Emsisoft Anti-Malware *Enabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    FILE ::

    "c:\windows\SysWOW64\bscs.ini"

    "c:\windows\Tasks\AutoKMS.job"

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\SysWOW64\bscs.ini

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))

    .

    .

    2012-11-16 08:19 . 2012-11-16 08:19 -------- d-----w- C:\FRST

    2012-11-16 01:42 . 2012-11-16 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-11-16 01:42 . 2012-11-16 01:42 -------- d-----w- c:\users\Adam\AppData\Local\temp

    2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- c:\windows\ERUNT

    2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- C:\JRT

    2012-11-15 23:49 . 2012-11-15 23:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\offreg.dll

    2012-11-15 22:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2012-11-15 21:50 . 2012-11-15 21:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

    2012-11-14 15:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\mpengine.dll

    2012-11-11 21:34 . 2012-11-11 21:34 -------- d-----w- c:\users\Monkey\AppData\Local\Programs

    2012-10-31 17:37 . 2012-10-31 17:37 -------- d-----w- c:\program files (x86)\PMSystem

    2012-10-30 01:57 . 2012-10-30 01:57 -------- d-----w- c:\program files\Recuva

    2012-10-29 19:38 . 2012-10-29 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java

    2012-10-29 19:37 . 2012-10-29 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-10-29 19:37 . 2012-10-29 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-10-18 19:36 . 2012-10-22 07:48 -------- d-----w- C:\processing-1.5.1

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-30 22:51 . 2011-10-24 22:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-10-30 22:51 . 2011-10-24 22:24 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-10-30 22:51 . 2011-10-24 22:24 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-10-30 22:51 . 2011-10-24 22:24 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-10-30 22:51 . 2011-10-24 22:24 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-10-30 22:51 . 2011-10-24 22:24 41224 ----a-w- c:\windows\avastSS.scr

    2012-10-30 22:50 . 2011-10-24 22:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

    2012-10-30 22:50 . 2011-10-24 22:24 285328 ----a-w- c:\windows\system32\aswBoot.exe

    2012-10-29 19:37 . 2011-11-02 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-10-13 01:02 . 2011-10-25 09:06 65309168 ----a-w- c:\windows\system32\MRT.exe

    2012-10-09 13:37 . 2012-06-10 13:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-10-09 13:37 . 2011-10-24 23:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-09-14 20:57 . 2012-09-14 20:57 7026 ----a-w- c:\windows\smburl3b.vbs

    2012-09-14 19:19 . 2012-10-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-12 11:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-09-07 15:04 . 2012-10-07 02:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-31 18:19 . 2012-10-12 11:54 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

    2012-08-30 18:03 . 2012-10-12 11:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-08-30 17:12 . 2012-10-12 11:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-08-30 17:12 . 2012-10-12 11:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-08-24 18:05 . 2012-10-12 11:52 220160 ----a-w- c:\windows\system32\wintrust.dll

    2012-08-24 16:57 . 2012-10-12 11:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

    2012-08-24 11:15 . 2012-09-23 01:01 17810944 ----a-w- c:\windows\system32\mshtml.dll

    2012-08-24 10:39 . 2012-09-23 01:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-08-24 10:31 . 2012-09-23 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

    2012-08-24 10:22 . 2012-09-23 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

    2012-08-24 10:21 . 2012-09-23 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll

    2012-08-24 10:20 . 2012-09-23 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-08-24 10:18 . 2012-09-23 01:01 237056 ----a-w- c:\windows\system32\url.dll

    2012-08-24 10:17 . 2012-09-23 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

    2012-08-24 10:14 . 2012-09-23 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-08-24 10:14 . 2012-09-23 01:01 816640 ----a-w- c:\windows\system32\jscript.dll

    2012-08-24 10:13 . 2012-09-23 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll

    2012-08-24 10:12 . 2012-09-23 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

    2012-08-24 10:11 . 2012-09-23 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

    2012-08-24 10:10 . 2012-09-23 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2012-08-24 10:09 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-08-24 10:04 . 2012-09-23 01:01 248320 ----a-w- c:\windows\system32\ieui.dll

    2012-08-24 06:59 . 2012-09-23 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-08-24 06:51 . 2012-09-23 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-08-24 06:51 . 2012-09-23 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-08-24 06:47 . 2012-09-23 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-08-24 06:47 . 2012-09-23 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

    2012-08-24 06:43 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2012-08-22 18:12 . 2012-09-12 14:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-08-22 18:12 . 2012-09-12 14:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

    2012-08-22 18:12 . 2012-09-12 14:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

    2012-08-22 18:12 . 2012-09-12 14:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2012-08-21 21:01 . 2012-09-25 19:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

    2012-08-20 18:48 . 2012-10-12 11:53 362496 ----a-w- c:\windows\system32\wow64win.dll

    2012-08-20 18:48 . 2012-10-12 11:53 243200 ----a-w- c:\windows\system32\wow64.dll

    2012-08-20 18:48 . 2012-10-12 11:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll

    2012-08-20 18:48 . 2012-10-12 11:53 215040 ----a-w- c:\windows\system32\winsrv.dll

    2012-08-20 18:48 . 2012-10-12 11:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll

    2012-08-20 18:48 . 2012-10-12 11:53 424448 ----a-w- c:\windows\system32\KernelBase.dll

    2012-08-20 18:48 . 2012-10-12 11:53 1162240 ----a-w- c:\windows\system32\kernel32.dll

    2012-08-20 18:46 . 2012-10-12 11:53 338432 ----a-w- c:\windows\system32\conhost.exe

    2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

    2012-08-20 17:40 . 2012-10-12 11:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

    2012-08-20 17:38 . 2012-10-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-08-20 17:38 . 2012-10-12 11:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe

    2012-08-20 17:37 . 2012-10-12 11:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll

    2012-08-20 17:37 . 2012-10-12 11:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

    2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

    2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

    2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

    2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    "Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

    "Hobbyist Software On-Off Helper"="c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" [2012-11-10 554520]

    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]

    .

    c:\users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

    [bU]

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

    .

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-26 204288]

    R2 aswFsBlk;aswFsBlk; [x]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

    R2 Off-Helper;Off-Helper;c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [2012-11-10 6656]

    R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]

    R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672]

    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-06 13352]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

    R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]

    R4 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176]

    R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-08-16 147563]

    R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104]

    R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

    R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456]

    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

    S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]

    S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 577824]

    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 270912]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-26 93712]

    S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [2011-07-27 25352]

    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088]

    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]

    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2011-12-21 34304]

    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-28 28160]

    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:37]

    .

    2012-11-15 c:\windows\Tasks\avast! Emergency Update.job

    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-15 22:50]

    .

    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

    .

    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

    .

    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job

    - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

    .

    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job

    - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=c:\windows\System32\guard64.dll

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = about:blank

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 8.8.4.4 192.168.0.1

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\4727F6C6C6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\55375645869637: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\74971627D6164775946494: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\A4F696B6573507F647F5030323136454334463646413: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22

    TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\1647441677E6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\8405E2E65647: NameServer = 8.8.4.4,8.8.8.8

    TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\D427E24527F6C6C6: NameServer = 8.8.4.4,8.8.8.8

    .

    - - - - ORPHANS REMOVED - - - -

    .

    AddRemove-HijackThis - c:\users\Monkey\AppData\Local\Temp\HijackThis.exe

    .

    .

    .

    Completion time: 2012-11-16 02:45:52

    ComboFix-quarantined-files.txt 2012-11-16 01:45

    ComboFix2.txt 2012-11-15 23:59

    .

    Pre-Run: 96,324,788,224 bytes free

    Post-Run: 96,020,811,776 bytes free

    .

    - - End Of File - - 6BB02244228988114E173204F94E8E0C

    # AdwCleaner v2.007 - Logfile created 11/16/2012 at 02:51:05

    # Updated 06/11/2012 by Xplode

    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)

    # User : Monkey - ANTEC900

    # Boot Mode : Safe mode with networking

    # Running from : C:\Users\Monkey\Downloads\AdwCleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    File Deleted : C:\user.js

    Folder Deleted : C:\Users\Monkey\AppData\Roaming\pdfforge

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Google Chrome v [unable to get version]

    File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v12.2.1578.0

    File : C:\Users\Adam\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    File : C:\Users\Monkey\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2102 octets] - [16/11/2012 02:50:51]

    AdwCleaner[s1].txt - [2057 octets] - [16/11/2012 02:51:05]

    ########## EOF - C:\AdwCleaner[s1].txt - [2117 octets] ##########

    Malwarebytes Anti-Malware 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.16.01

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Monkey :: ANTEC900 [administrator]

    16/11/2012 02:58:25

    mbam-log-2012-11-16 (02-58-25).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 230550

    Time elapsed: 3 minute(s), 17 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    C:\Program Files (x86)\toolbar.exe Win32/Toolbar.Babylon application

    E:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab a variant of Win32/Toolbar.Babylon application

    E:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066 HTML/ScrInject.B.Gen virus

    E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e a variant of Java/Exploit.Agent.NDH trojan

    E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80 a variant of Java/Exploit.Agent.NDH trojan

    E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1 multiple threats

    E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612 a variant of OSX/Exploit.Smid.D trojan

  3. Sorry, no code boxes this time.

    ComboFix 12-11-15.01 - Monkey 16/11/2012 0:45.1.4 - x64 NETWORK

    Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1033.18.6143.4371 [GMT 1:00]

    Running from: c:\users\Monkey\Desktop\ComboFix.exe

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: Emsisoft Anti-Malware *Enabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

    SP: Emsisoft Anti-Malware *Enabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\desktop.ini

    c:\users\Monkey\AppData\Roaming\vso_ts_preview.xml

    c:\windows\XSxS

    E:\install.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))

    .

    .

    2012-11-16 08:19 . 2012-11-16 08:19 -------- d-----w- C:\FRST

    2012-11-15 23:56 . 2012-11-15 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-11-15 23:56 . 2012-11-15 23:56 -------- d-----w- c:\users\Adam\AppData\Local\temp

    2012-11-15 23:49 . 2012-11-15 23:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\offreg.dll

    2012-11-15 22:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2012-11-15 21:50 . 2012-11-15 21:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

    2012-11-14 15:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\mpengine.dll

    2012-11-11 21:34 . 2012-11-11 21:34 -------- d-----w- c:\users\Monkey\AppData\Local\Programs

    2012-10-31 17:37 . 2012-10-31 17:37 -------- d-----w- c:\program files (x86)\PMSystem

    2012-10-30 01:57 . 2012-10-30 01:57 -------- d-----w- c:\program files\Recuva

    2012-10-29 19:38 . 2012-10-29 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java

    2012-10-29 19:37 . 2012-10-29 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-10-29 19:37 . 2012-10-29 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-10-18 19:36 . 2012-10-22 07:48 -------- d-----w- C:\processing-1.5.1

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-30 22:51 . 2011-10-24 22:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-10-30 22:51 . 2011-10-24 22:24 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-10-30 22:51 . 2011-10-24 22:24 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-10-30 22:51 . 2011-10-24 22:24 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-10-30 22:51 . 2011-10-24 22:24 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-10-30 22:51 . 2011-10-24 22:24 41224 ----a-w- c:\windows\avastSS.scr

    2012-10-30 22:50 . 2011-10-24 22:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

    2012-10-30 22:50 . 2011-10-24 22:24 285328 ----a-w- c:\windows\system32\aswBoot.exe

    2012-10-29 19:37 . 2011-11-02 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-10-13 01:02 . 2011-10-25 09:06 65309168 ----a-w- c:\windows\system32\MRT.exe

    2012-10-09 13:37 . 2012-06-10 13:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-10-09 13:37 . 2011-10-24 23:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-09-14 20:57 . 2012-09-14 20:57 7026 ----a-w- c:\windows\smburl3b.vbs

    2012-09-14 19:19 . 2012-10-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-12 11:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-09-07 15:04 . 2012-10-07 02:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-31 18:19 . 2012-10-12 11:54 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

    2012-08-30 18:03 . 2012-10-12 11:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-08-30 17:12 . 2012-10-12 11:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-08-30 17:12 . 2012-10-12 11:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-08-24 18:05 . 2012-10-12 11:52 220160 ----a-w- c:\windows\system32\wintrust.dll

    2012-08-24 16:57 . 2012-10-12 11:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

    2012-08-24 11:15 . 2012-09-23 01:01 17810944 ----a-w- c:\windows\system32\mshtml.dll

    2012-08-24 10:39 . 2012-09-23 01:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-08-24 10:31 . 2012-09-23 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

    2012-08-24 10:22 . 2012-09-23 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

    2012-08-24 10:21 . 2012-09-23 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll

    2012-08-24 10:20 . 2012-09-23 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-08-24 10:18 . 2012-09-23 01:01 237056 ----a-w- c:\windows\system32\url.dll

    2012-08-24 10:17 . 2012-09-23 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

    2012-08-24 10:14 . 2012-09-23 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-08-24 10:14 . 2012-09-23 01:01 816640 ----a-w- c:\windows\system32\jscript.dll

    2012-08-24 10:13 . 2012-09-23 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll

    2012-08-24 10:12 . 2012-09-23 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

    2012-08-24 10:11 . 2012-09-23 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

    2012-08-24 10:10 . 2012-09-23 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2012-08-24 10:09 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-08-24 10:04 . 2012-09-23 01:01 248320 ----a-w- c:\windows\system32\ieui.dll

    2012-08-24 06:59 . 2012-09-23 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-08-24 06:51 . 2012-09-23 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-08-24 06:51 . 2012-09-23 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-08-24 06:47 . 2012-09-23 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-08-24 06:47 . 2012-09-23 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

    2012-08-24 06:43 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2012-08-22 18:12 . 2012-09-12 14:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-08-22 18:12 . 2012-09-12 14:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

    2012-08-22 18:12 . 2012-09-12 14:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

    2012-08-22 18:12 . 2012-09-12 14:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2012-08-21 21:01 . 2012-09-25 19:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

    2012-08-20 18:48 . 2012-10-12 11:53 362496 ----a-w- c:\windows\system32\wow64win.dll

    2012-08-20 18:48 . 2012-10-12 11:53 243200 ----a-w- c:\windows\system32\wow64.dll

    2012-08-20 18:48 . 2012-10-12 11:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll

    2012-08-20 18:48 . 2012-10-12 11:53 215040 ----a-w- c:\windows\system32\winsrv.dll

    2012-08-20 18:48 . 2012-10-12 11:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll

    2012-08-20 18:48 . 2012-10-12 11:53 424448 ----a-w- c:\windows\system32\KernelBase.dll

    2012-08-20 18:48 . 2012-10-12 11:53 1162240 ----a-w- c:\windows\system32\kernel32.dll

    2012-08-20 18:46 . 2012-10-12 11:53 338432 ----a-w- c:\windows\system32\conhost.exe

    2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

    2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

    2012-08-20 17:40 . 2012-10-12 11:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

    2012-08-20 17:38 . 2012-10-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-08-20 17:38 . 2012-10-12 11:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe

    2012-08-20 17:37 . 2012-10-12 11:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll

    2012-08-20 17:37 . 2012-10-12 11:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

    2012-08-20 17:32 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

    2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

    2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

    2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

    2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

    "Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

    "Hobbyist Software On-Off Helper"="c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" [2012-11-10 554520]

    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]

    .

    c:\users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

    .

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-26 204288]

    R2 aswFsBlk;aswFsBlk; [x]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

    R2 Off-Helper;Off-Helper;c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [2012-11-10 6656]

    R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]

    R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672]

    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-06 13352]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

    R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]

    R4 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176]

    R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-08-16 147563]

    R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104]

    R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

    R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456]

    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

    S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]

    S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]

    S1 aswSnx;aswSnx; [x]

    S1 aswSP;aswSP; [x]

    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 577824]

    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 270912]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-26 93712]

    S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [2011-07-27 25352]

    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088]

    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]

    S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2011-12-21 34304]

    S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-28 28160]

    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:37]

    .

    2012-11-15 c:\windows\Tasks\avast! Emergency Update.job

    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-15 22:50]

    .

    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

    .

    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

    .

    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job

    - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

    .

    2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job

    - c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=c:\windows\System32\guard64.dll

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = about:blank

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 8.8.4.4 192.168.0.1

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\4727F6C6C6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\55375645869637: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\74971627D6164775946494: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\A4F696B6573507F647F5030323136454334463646413: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22

    TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\1647441677E6: NameServer = 8.8.8.8,8.8.4.4

    TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\8405E2E65647: NameServer = 8.8.4.4,8.8.8.8

    TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\D427E24527F6C6C6: NameServer = 8.8.4.4,8.8.8.8

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Notify-LBTWlgn - (no file)

    AddRemove-HijackThis - c:\users\Monkey\AppData\Local\Temp\HijackThis.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (Administrator)

    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c5,

    02,9c,be,ec,0c,b1,9d,ba,17,8f,6b,f8,da

    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,0e,

    6c,c1,80,43,08,a2,e0,94,9a,f2,9c,68,5a

    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e9,

    ae,10,58,36,07,ae,29,02,f3,03,cb,47,e6

    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d2,

    c1,74,f2,34,0d,a8,7f,dc,65,c2,80,cd,b0

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (Administrator)

    "Timestamp"=hex:a3,15,1f,eb,b8,11,cd,01

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (Administrator)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,1e,be,fb,ba,e0,b7,43,95,96,f0,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,1e,be,fb,ba,e0,b7,43,95,96,f0,\

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.3G2"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.3GP"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.3G2"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.3GP"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.ADTS"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="mplayerc.ac3"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.ADTS"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.ADTS"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.AIFF"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.AIFF"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.AIFF"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="mplayerc.asf"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.ASX"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.AU"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="CCCP.MPC.AVI.1"

    "CCCP.Backup.Progid"="WMP11.AssocFile.AVI"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avs\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Applications\\mpc-hc.exe"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.CDA"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Winamp.File.FLAC"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Applications\\DTLite.exe"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MPEG"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.M2TS"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="mplayerc.m2ts"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MPEG"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Winamp.PlayList"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Winamp.File.M4A"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="mplayerc.m4v"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MIDI"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MIDI"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="CCCP.MPC.Matroska.1"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MPEG"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="MPlayerFileVideo"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MP3"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MPEG"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Winamp.File.MP3"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

    @Denied: (2) (Administrator)

    "CCCP.Backup.Progid"="WMP11.AssocFile.MP4"

    "Progid"="CCCP.MPC.MP4.1"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MP4"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MPEG"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MPEG"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MPEG"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="mplayerc.mpg"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MPEG"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="mplayerc.mts"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Applications\\notepad++.exe"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Winamp.File.OGG"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="CCCP.MPC.OGM.1"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="MPlayerFileVideo"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.MIDI"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="MPlayerFileVideo"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="ChromeHTML"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.AU"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Opera.Image"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="mplayerc.ts"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.TTS"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="mplayerc.wav"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.WAX"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="MPlayerFileVideo"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.ASF"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.WMA"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.WMD"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.WMS"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="mplayerc.wmv"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.ASX"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.WMZ"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.WPL"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="WMP11.AssocFile.WVX"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Opera.HTML"

    .

    [HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

    @Denied: (2) (Administrator)

    "Progid"="Opera.HTML"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker3"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-11-16 00:59:22

    ComboFix-quarantined-files.txt 2012-11-15 23:59

    .

    Pre-Run: 95,852,404,736 bytes free

    Post-Run: 95,545,159,680 bytes free

    .

    - - End Of File - - 1AAFCF8E3FF94B733D18E1A4CF5441F7

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 3.1.1 (11.15.2012)

    OS: Windows 7 Professional x64

    Ran by Monkey on 16/11/2012 at 1:01:03.94

    Blog: http://thisisudax.blogspot.com

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1836503802-3605989020-1067039302-500\software\microsoft\internet explorer\searchscopes\\DefaultScope

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] "hkey_classes_root\appid\babylonhelper.exe"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escort.dll"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortapp.dll"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escorteng.dll"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortlbr.dll"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\esrv.exe"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylon_rasapi32"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylon_rasmancs"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasapi32"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasmancs"

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ask"

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 16/11/2012 at 1:10:19.61

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
    Ran by SYSTEM at 16-11-2012 00:21:23
    Running from E:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9454920 2011-12-20] (COMODO)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
    HKLM-x32\...\Run: [Hobbyist Software On-Off Helper] "C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" /startup [554520 2012-11-10] (Hobbyist Software)
    HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-10-26] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-09] (Advanced Micro Devices, Inc.)
    HKU\Adam\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin [x]
    HKU\Monkey\...\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [872448 2011-12-07] ()
    HKU\Monkey\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
    HKLM-x32\...\RunOnce: [Z1] C:\Users\Monkey\Desktop\mbar\mbar.exe /cleanup /s [1341800 2012-11-08] (Malwarebytes Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    AppInit_DLLs: C:\Windows\system32\guard64.dll
    Tcpip\..\Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: [NameServer]8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: [NameServer]8.26.56.26,156.154.70.22
    Startup: C:\Users\Monkey\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    4 a2AntiMalware; "C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe" [3084176 2012-10-06] (Emsisoft GmbH)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
    4 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1017344 2011-08-16] (IVT Corporation)
    4 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [199680 2011-08-16] (IVT Corporation)
    4 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [147563 2011-08-16] (IVT Corporation)
    2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2779416 2011-12-19] (COMODO)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    2 Off-Helper; C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [6656 2012-11-10] (Hobbyist Software)
    4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

    ==================== Drivers (Whitelisted) =====================

    3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
    1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [23208 2011-05-19] (Emsi Software GmbH)
    1 a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH)
    1 a2util; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [14720 2010-05-04] (Emsi Software GmbH)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
    3 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
    3 BlueletAudio; C:\Windows\SysWow64\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
    3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2010-08-18] (IVT Corporation.)
    3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
    3 BTCOMBUS; C:\Windows\System32\Drivers\BTCOMBUS.sys [25352 2011-07-27] (IVT Corporation.)
    3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42888 2011-07-27] (IVT Corporation.)
    0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24456 2011-07-27] (IVT Corporation.)
    3 btnetBUs; C:\Windows\System32\Drivers\btnetBUs.sys [30088 2010-04-06] ()
    1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-01-17] (COMODO)
    1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2011-12-19] (COMODO)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-10-24] (DT Soft Ltd)
    3 e.dentifier2; C:\Windows\System32\DRIVERS\aabed2.sys [28672 2008-03-20] (Todos Data System AB)
    3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
    3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
    1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)
    3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBUs.sys [27016 2010-04-06] (IVT Corporation.)
    3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2011-12-20] (ManyCam LLC)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-27] (ManyCam LLC)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
    0 mv61xx; C:\Windows\System32\Drivers\mv61xx.sys [178728 2009-05-11] (Marvell Semiconductor, Inc.)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-05-19] (Duplex Secure Ltd.)
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-11-16 00:19 - 2012-11-16 00:19 - 00000000 ____D C:\FRST
    2012-11-15 14:59 - 2012-11-15 15:09 - 00000000 ____D C:\Users\Monkey\Desktop\mbar
    2012-11-15 14:59 - 2012-11-15 14:59 - 12961620 ____A C:\Users\Monkey\Downloads\mbar-1.01.0.1009.zip
    2012-11-15 14:52 - 2012-11-15 14:52 - 00683048 ____A ( ) C:\Users\Monkey\Downloads\Chip_Downloader_HijackThis_2.0.4.exe
    2012-11-15 14:11 - 2012-11-15 14:11 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2012-11-15 14:11 - 2012-10-15 08:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-11-15 13:50 - 2012-11-15 13:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-11-14 16:28 - 2012-10-21 06:22 - 499797321 ____A C:\Users\Monkey\Desktop\happy.endings.3x01.cazsh.dummy.spillionaires.mkv
    2012-11-14 16:14 - 2012-10-28 18:01 - 563583300 ____A C:\Users\Monkey\Desktop\happy.endings.3x02.sabado.free.gante.mkv
    2012-11-14 16:13 - 2012-11-11 20:01 - 626190413 ____A C:\Users\Monkey\Desktop\happy.endings.3x03.boyz.ii.menorah.mkv
    2012-11-14 15:24 - 2012-11-14 15:24 - 00000000 ____A C:\Users\Monkey\Desktop\New AviSynth Script.avs
    2012-11-11 14:00 - 2012-11-11 14:00 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Mozilla
    2012-11-11 13:58 - 2012-11-11 13:58 - 57739236 ____A C:\Users\Monkey\Desktop\SONIC SYNDICATE - Revolution Baby Official Video.mp4
    2012-11-11 13:50 - 2012-11-11 13:50 - 103582291 ____A C:\Users\Monkey\Desktop\Sonic Syndicate - Denied (Official Music Video) [HD].mp4
    2012-10-31 09:37 - 2012-10-31 09:37 - 00000000 ____D C:\Program Files (x86)\PMSystem
    2012-10-29 17:57 - 2012-10-29 17:57 - 00000000 ____D C:\Program Files\Recuva
    2012-10-29 11:37 - 2012-10-29 11:37 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-10-29 11:37 - 2012-10-29 11:37 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-10-29 11:37 - 2012-10-29 11:37 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-10-29 11:35 - 2012-10-29 11:35 - 00895464 ____A (Oracle Corporation) C:\Users\Monkey\Downloads\chromeinstall-7u9.exe
    2012-10-27 17:01 - 2012-10-27 17:02 - 107510746 ____A C:\Users\Monkey\Desktop\dimmu_borgir-dimmu_borgir-dvdrip-x264-2010-srp.mkv
    2012-10-25 12:13 - 2012-10-25 12:13 - 00000713 ____A C:\Users\Monkey\Documents\index.php
    2012-10-22 08:10 - 2012-10-22 08:24 - 00000000 ____D C:\Users\Monkey\Documents\apple3-142
    2012-10-18 11:36 - 2012-10-21 23:48 - 00000000 ____D C:\processing-1.5.1

    ==================== One Month Modified Files and Folders =======

    2012-11-16 00:19 - 2012-11-16 00:19 - 00000000 ____D C:\FRST
    2012-11-15 15:12 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-15 15:09 - 2012-11-15 14:59 - 00000000 ____D C:\Users\Monkey\Desktop\mbar
    2012-11-15 15:09 - 2012-09-10 12:35 - 00000000 ___RD C:\Users\Monkey\Dropbox
    2012-11-15 15:09 - 2012-09-10 12:32 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Dropbox
    2012-11-15 14:59 - 2012-11-15 14:59 - 12961620 ____A C:\Users\Monkey\Downloads\mbar-1.01.0.1009.zip
    2012-11-15 14:52 - 2012-11-15 14:52 - 00683048 ____A ( ) C:\Users\Monkey\Downloads\Chip_Downloader_HijackThis_2.0.4.exe
    2012-11-15 14:33 - 2012-07-08 12:20 - 00006174 ____A C:\Windows\PFRO.log
    2012-11-15 14:25 - 2012-03-27 15:07 - 00000000 ____D C:\Users\All Users\SpeedBit
    2012-11-15 14:23 - 2012-10-06 18:36 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-11-15 14:23 - 2012-01-22 12:38 - 00000000 ____D C:\Users\Monkey\AppData\Local\LogMeIn Hamachi
    2012-11-15 14:23 - 2011-10-24 16:40 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\DAEMON Tools Lite
    2012-11-15 14:17 - 2012-10-06 18:49 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
    2012-11-15 14:13 - 2011-10-26 13:04 - 00000000 ____D C:\Windows\pss
    2012-11-15 14:11 - 2012-11-15 14:11 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2012-11-15 14:11 - 2011-10-24 14:24 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-11-15 13:59 - 2011-10-24 14:24 - 00001028 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-15 13:57 - 2011-10-24 23:22 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\uTorrent
    2012-11-15 13:57 - 2011-10-24 14:24 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-15 13:56 - 2011-10-25 08:48 - 00000202 ____A C:\Windows\Tasks\AutoKMS.job
    2012-11-15 13:56 - 2011-08-16 08:47 - 00001193 ____A C:\Windows\SysWOW64\bscs.ini
    2012-11-15 13:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-15 13:55 - 2012-06-30 15:54 - 00022352 ____A C:\Windows\setupact.log
    2012-11-15 13:50 - 2012-11-15 13:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-11-15 13:44 - 2011-10-25 01:15 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Skype
    2012-11-15 13:37 - 2012-06-10 05:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-15 13:37 - 2011-10-25 01:11 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-11-15 13:21 - 2012-01-19 16:19 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job
    2012-11-15 13:00 - 2012-06-06 10:32 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job
    2012-11-15 12:26 - 2011-10-14 13:55 - 01195560 ____A C:\Windows\WindowsUpdate.log
    2012-11-15 10:05 - 2009-07-13 20:45 - 00022224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-15 10:05 - 2009-07-13 20:45 - 00022224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-15 07:21 - 2012-01-19 16:19 - 00000908 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job
    2012-11-15 05:00 - 2012-06-06 10:32 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job
    2012-11-14 16:31 - 2011-10-25 08:48 - 00000202 ____A C:\Windows\Tasks\AutoKMSDaily.job
    2012-11-14 15:24 - 2012-11-14 15:24 - 00000000 ____A C:\Users\Monkey\Desktop\New AviSynth Script.avs
    2012-11-11 20:01 - 2012-11-14 16:13 - 626190413 ____A C:\Users\Monkey\Desktop\happy.endings.3x03.boyz.ii.menorah.mkv
    2012-11-11 14:00 - 2012-11-11 14:00 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Mozilla
    2012-11-11 13:58 - 2012-11-11 13:58 - 57739236 ____A C:\Users\Monkey\Desktop\SONIC SYNDICATE - Revolution Baby Official Video.mp4
    2012-11-11 13:50 - 2012-11-11 13:50 - 103582291 ____A C:\Users\Monkey\Desktop\Sonic Syndicate - Denied (Official Music Video) [HD].mp4
    2012-11-01 06:06 - 2011-10-25 12:48 - 00000000 ____D C:\Users\Monkey\AppData\Local\Paint.NET
    2012-10-31 09:37 - 2012-10-31 09:37 - 00000000 ____D C:\Program Files (x86)\PMSystem
    2012-10-30 16:45 - 2012-09-04 13:40 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\FileZilla
    2012-10-30 16:43 - 2012-09-18 14:44 - 00000000 ____D C:\Users\Monkey\Documents\port site
    2012-10-30 14:51 - 2011-10-24 14:24 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-10-30 14:51 - 2011-10-24 14:24 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-10-30 14:51 - 2011-10-24 14:24 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-10-30 14:51 - 2011-10-24 14:24 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-10-30 14:51 - 2011-10-24 14:24 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-10-30 14:51 - 2011-10-24 14:24 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-10-30 14:50 - 2011-10-24 14:24 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-10-30 14:50 - 2011-10-24 14:24 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-10-30 10:41 - 2011-10-27 17:33 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\vlc
    2012-10-30 09:43 - 2012-09-06 10:56 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Spotify
    2012-10-30 09:32 - 2012-09-06 10:56 - 00000000 ____D C:\Users\Monkey\AppData\Local\Spotify
    2012-10-29 18:38 - 2012-09-16 02:59 - 00000600 ____A C:\Users\Monkey\AppData\Local\PUTTY.RND
    2012-10-29 17:57 - 2012-10-29 17:57 - 00000000 ____D C:\Program Files\Recuva
    2012-10-29 11:37 - 2012-10-29 11:37 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-10-29 11:37 - 2012-10-29 11:37 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-10-29 11:37 - 2012-10-29 11:37 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-10-29 11:37 - 2011-11-01 16:15 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-10-29 11:36 - 2011-11-01 16:15 - 00000000 ____D C:\Program Files (x86)\Java
    2012-10-29 11:35 - 2012-10-29 11:35 - 00895464 ____A (Oracle Corporation) C:\Users\Monkey\Downloads\chromeinstall-7u9.exe
    2012-10-28 18:01 - 2012-11-14 16:14 - 563583300 ____A C:\Users\Monkey\Desktop\happy.endings.3x02.sabado.free.gante.mkv
    2012-10-27 17:02 - 2012-10-27 17:01 - 107510746 ____A C:\Users\Monkey\Desktop\dimmu_borgir-dimmu_borgir-dvdrip-x264-2010-srp.mkv
    2012-10-26 06:40 - 2011-10-28 13:48 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Audacity
    2012-10-26 05:02 - 2011-10-28 10:54 - 00000000 ____D C:\Program Files (x86)\MeGUI_2050_x86
    2012-10-25 12:13 - 2012-10-25 12:13 - 00000713 ____A C:\Users\Monkey\Documents\index.php
    2012-10-24 13:11 - 2012-03-09 10:59 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\CoreFTP
    2012-10-22 08:24 - 2012-10-22 08:10 - 00000000 ____D C:\Users\Monkey\Documents\apple3-142
    2012-10-21 23:48 - 2012-10-18 11:36 - 00000000 ____D C:\processing-1.5.1
    2012-10-21 23:48 - 2012-10-06 10:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-21 23:48 - 2012-01-19 13:22 - 00000000 ____D C:\Users\Monkey\.smplayer
    2012-10-21 23:48 - 2011-12-07 13:27 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Winamp
    2012-10-21 23:48 - 2011-11-03 18:39 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\IrfanView
    2012-10-21 23:48 - 2011-10-24 12:45 - 00000000 ____D C:\users\Adam
    2012-10-21 23:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-10-21 14:01 - 2011-10-24 14:16 - 00000000 ____D C:\users\Monkey
    2012-10-21 06:22 - 2012-11-14 16:28 - 499797321 ____A C:\Users\Monkey\Desktop\happy.endings.3x01.cazsh.dummy.spillionaires.mkv


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-29 11:36:41
    Restore point made on: 2012-10-30 06:42:34
    Restore point made on: 2012-11-11 13:39:10

    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 6143.05 MB
    Available physical RAM: 5412.45 MB
    Total Pagefile: 6141.25 MB
    Available Pagefile: 5403.07 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (320GB WINSAMS) (Fixed) (Total:298.09 GB) (Free:89.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (SeaGate) (Fixed) (Total:931.51 GB) (Free:206 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: () (Removable) (Total:7.48 GB) (Free:1.43 GB) NTFS
    4 Drive f: () (Fixed) (Total:149.04 GB) (Free:6.39 GB) NTFS
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS


    Last Boot: 2012-11-14 18:44

    ==================== End Of Log =============================
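
The FRST driver listing above is the kind of output where an entry whose binary is gone (`[x]`, the FRST marker for a file it could not find) or whose version information carries no company name (an empty `()`) is easy to overlook when reading by eye. The script below is an added example, not part of 3dtrooper's post and not FRST's own code: it parses lines in that section's format, marks the two cases just mentioned, and lists boot- and system-start drivers, which load before most security software. The sample input is five lines copied from the log; the reading of `[x]` and `()` is my understanding of how FRST prints those cases, and nothing here decides whether a driver is malicious, it only orders what to check first.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FRST's first column is the service start value from the SCM.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Constructed sample: five lines copied from the "Drivers (Whitelisted)"
# section of the FRST log above; no entries are invented.
SAMPLE = r"""
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-01-17] (COMODO)
3 btnetBUs; C:\Windows\System32\Drivers\btnetBUs.sys [30088 2010-04-06] ()
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-05-19] (Duplex Secure Ltd.)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
"""

# <start> <name>; <path> [<size> <date>] (<company>)  or  ... [x] when the file is missing
LINE_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?:(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>x))\]"
    r"(?:\s+\((?P<company>[^)]*)\))?\s*$",
    re.I,
)


@dataclass
class Driver:
    start: int
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    company: Optional[str]  # "" when FRST printed "()", None when the file is missing
    missing: bool


def parse_drivers(text: str) -> List[Driver]:
    """Parse FRST driver lines; raise on anything that is not in that format."""
    drivers: List[Driver] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised FRST driver line: {line!r}")
        missing = m.group("missing") is not None
        drivers.append(Driver(
            start=int(m.group("start")),
            name=m.group("name"),
            path=m.group("path"),
            size=None if missing else int(m.group("size")),
            date=m.group("date"),
            company=None if missing else (m.group("company") or ""),
            missing=missing,
        ))
    return drivers


def triage(drivers: List[Driver]) -> List[Tuple[str, str]]:
    """Rank entries to look at first. A review aid, not a verdict."""
    findings: List[Tuple[str, str]] = []
    for d in drivers:
        if d.missing:
            findings.append((d.name, "binary not found: orphaned service entry; confirm the "
                                     "product was uninstalled, then delete the entry"))
        elif d.company == "":
            findings.append((d.name, f"no company name in version info ({START_TYPES[d.start]} "
                                     f"start): check the Authenticode signature of {d.path}"))
    return findings


def early_start(drivers: List[Driver]) -> List[str]:
    """Boot- and system-start drivers that still have a binary on disk."""
    return [d.name for d in drivers if d.start <= 1 and not d.missing]


if __name__ == "__main__":
    parsed = parse_drivers(SAMPLE)
    for name, note in triage(parsed):
        print(f"{name}: {note}")
    print("early-start drivers:", ", ".join(early_start(parsed)))
```

Run it as a script to print the findings for the sample; to triage a full log, replace `SAMPLE` with the whole "Drivers (Whitelisted)" section. Entries it raises on are the ones to verify on the machine (signature, install source), not the ones to delete blindly.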

  5. Hi!

    Not long ago I was infected by police ransomware that locked my PC. I was able to clean it somewhat, but since then my PC has never been the same.

    I have problems booting and things freeze way too often.

    Often when booting, many services are not able to start!! (avast engine, Comodo firewall engine, Windows Aero, etc.)

    I have tried cleaning with Malwarebytes, Spybot, and Emsisoft.

    I tried to start the Aero service and I get the error: 1084 service cannot be started in safe mode

    (even though I am not in safe mode)

    Any help would be greatly appreciated.

    Thank you.

    Hijackthis log:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:52:45, on 15/11/2012
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal


    Running processes:
    C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Remote Mouse\server\server.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Monkey\AppData\Local\Temp\app.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: OKOKO7777KOS
    O1 - Hosts: 94.242.221.200 my.mail.ru
    O1 - Hosts: 94.242.221.200 m.my.mail.ru
    O1 - Hosts: 94.242.221.200 vk.com
    O1 - Hosts: 94.242.221.200 m.vk.com
    O1 - Hosts: 94.242.221.200 odnoklassniki.ru
    O1 - Hosts: 94.242.221.200 www.odnoklassniki.ru
    O1 - Hosts: 94.242.221.200 m.odnoklassniki.ru
    O1 - Hosts: 94.242.221.200 ok.ru
    O1 - Hosts: 94.242.221.200 m.ok.ru
    O1 - Hosts: 94.242.221.200 vk.com
    O1 - Hosts: 94.242.221.200 www.odnoklassniki.ru
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Hobbyist Software On-Off Helper] "C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" /startup
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google frissítési szolgáltatás (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google frissítés Szolgáltatás (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Off-Helper - Hobbyist Software - C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10215 bytes
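
Three things in the HijackThis log above would get a responder's attention: the O1 lines, which show a hosts file redirecting vk.com, mail.ru and odnoklassniki.ru to one public address; the O17 lines, which show a second interface using resolvers other than the Google ones the poster expects; and a process running from `C:\Users\Monkey\AppData\Local\Temp\`. The script below is an added example, not part of the post and not HijackThis code: it parses those three line types and reports them. Its sample input is a handful of lines copied from the log, the resolver allowlist passed to `triage()` is an assumption the operator supplies, and a hosts entry is treated as benign only when it points at loopback or 0.0.0.0 (the ad-blocking pattern). One caveat on the O17 finding: 8.26.56.26 and 156.154.70.22 are addresses Comodo has published for its Secure DNS service, and COMODO Internet Security, which this machine has installed, offers to set them during installation, so that entry should be confirmed against the firewall's settings before being counted as part of the infection.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed sample: lines copied from the HijackThis log above (one
# duplicate vk.com line kept on purpose, as in the log).
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Monkey\AppData\Local\Temp\app.exe

O1 - Hosts: OKOKO7777KOS
O1 - Hosts: 94.242.221.200 my.mail.ru
O1 - Hosts: 94.242.221.200 vk.com
O1 - Hosts: 94.242.221.200 m.vk.com
O1 - Hosts: 94.242.221.200 vk.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s*(?P<body>.*)$")
NS_RE = re.compile(r"^O17 - .*?\{(?P<guid>[0-9A-F-]+)\}: NameServer = (?P<servers>.+)$", re.I)
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)
TEMP_RE = re.compile(r"\\(Temp|Temporary Internet Files)\\", re.I)


def _benign_hosts_target(ip: str) -> bool:
    """127.x / ::1 / 0.0.0.0 entries are the ad-block pattern; anything else redirects traffic."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(lines: Iterable[str]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return ({target ip: sorted unique hostnames}, [lines that are not ip+name entries])."""
    redirects: Dict[str, set] = defaultdict(set)
    junk: List[str] = []
    for line in lines:
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        parts = m.group("body").split()
        try:
            ipaddress.ip_address(parts[0])
        except (IndexError, ValueError):
            junk.append(m.group("body"))
            continue
        if len(parts) < 2:
            junk.append(m.group("body"))
            continue
        redirects[parts[0]].update(n.lower() for n in parts[1:])
    return {ip: sorted(names) for ip, names in redirects.items()}, junk


def parse_nameservers(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return {interface GUID: [resolver, ...]} from O17 NameServer lines."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        m = NS_RE.match(line.strip())
        if m:
            out[m.group("guid").upper()] = [s.strip() for s in m.group("servers").split(",")]
    return out


def temp_processes(lines: Iterable[str]) -> List[str]:
    """Executables from the 'Running processes' block that live under a temp directory."""
    return [l.strip() for l in lines if PROC_RE.match(l.strip()) and TEMP_RE.search(l)]


def triage(log_text: str, expected_resolvers: Iterable[str]) -> List[Tuple[str, str]]:
    lines = [l for l in log_text.splitlines() if l.strip()]
    findings: List[Tuple[str, str]] = []
    redirects, junk = parse_hosts(lines)
    for ip, names in redirects.items():
        if not _benign_hosts_target(ip):
            findings.append(("hosts-hijack", f"{len(names)} host(s) redirected to {ip}: {', '.join(names)}"))
    for body in junk:
        findings.append(("hosts-garbage", f"non-entry line in hosts file: {body!r}"))
    allowed = set(expected_resolvers)
    for guid, servers in parse_nameservers(lines).items():
        unexpected = [s for s in servers if s not in allowed]
        if unexpected:
            findings.append(("dns-unexpected", f"interface {{{guid}}} uses {', '.join(unexpected)}"))
    for proc in temp_processes(lines):
        findings.append(("temp-exe", f"process running from a temp directory: {proc}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG, ["8.8.8.8", "8.8.4.4"]):
        print(f"[{kind}] {detail}")
```

The hosts and Temp findings are the actionable ones: restore a clean hosts file (the stock one contains only comments on Windows 7) and submit the Temp executable for analysis before deleting it. The resolver finding is a prompt to identify who runs those addresses, which the allowlist cannot do by itself.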
