Everything posted by April_Singer
claro-search infection: Windows 7, Chrome & IE
April_Singer replied to April_Singer's topic in Resolved Malware Removal Logs
thanks
claro-search infection: Windows 7, Chrome & IE
April_Singer replied to April_Singer's topic in Resolved Malware Removal Logs
Hi Jeff. All done - just uninstalled ComboFix and I'll change my passwords. Thanks for all of the great tips. We run a firewall and anti-virus here on our network. I think what happened was that I installed a new version of Adobe FrameMaker and then I was trying to track down updated versions of some third-party plug-ins that I rely on and in the process, I downloaded something I didn't intend to. I wasn't paying attention because I was trying to do several things at once and when my anti-virus app asked if I wanted to run the installer I affirmed it without really looking at what it was alerting me to. It was right after that when claro-search showed up in my browser, so I'm pretty sure that is what happened. I know better and this is the first time I've gotten "bit" like that. I'm usually extremely careful. Lesson learned though. What a pain! But it was great comfort to have someone who understands this stuff working with me. Thanks again for your guidance and attentiveness. Hopefully all is good now. Take care, and Happy Thanksgiving to you.

April
claro-search infection: Windows 7, Chrome & IE
April_Singer replied to April_Singer's topic in Resolved Malware Removal Logs
OK...that took a long time - two hours. It scanned my internal drive (C:) as well as an external drive, which is good. No infected files, no threats. So it sounds like I'm in the clear, yes?
claro-search infection: Windows 7, Chrome & IE
April_Singer replied to April_Singer's topic in Resolved Malware Removal Logs
Here is the latest Malwarebytes log (still working through the remaining steps):

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
asinger :: APRIL-WIN7 [administrator]

Protection: Enabled

11/19/2012 11:28:53 AM
mbam-log-2012-11-19 (11-28-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253408
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
claro-search infection: Windows 7, Chrome & IE
April_Singer replied to April_Singer's topic in Resolved Malware Removal Logs
Whew! What a relief! When I launch IE now, I'm no longer being redirected to claro-search so it looks like that took care of it. I normally use Chrome but I had uninstalled it, so I will install it again now. I was not aware of any other effects of this malware, only that it hijacked my browser. If there is anything in particular I should check, please advise. Following is the contents of the AdwCleaner log. Can you tell what it was that I downloaded that introduced this to my system? Thanks so much Jeff!

--------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v2.008 - Logfile created 11/19/2012 at 10:25:29
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : asinger - APRIL-WIN7
# Boot Mode : Normal
# Running from : C:\Users\asinger\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\asinger\AppData\Roaming\Babylon
Folder Deleted : C:\Users\asinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23796~1.11\{16cdf~1\browsemngr.dll
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=116695&tt=4612_8&babsrc=HP_ss&mntrId=3a7bf0df000000000000180373e7248d --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

*************************

AdwCleaner[R1].txt - [2160 octets] - [19/11/2012 09:34:45]
AdwCleaner[R2].txt - [2220 octets] - [19/11/2012 09:37:59]
AdwCleaner[S1].txt - [2207 octets] - [19/11/2012 10:25:29]

########## EOF - C:\AdwCleaner[S1].txt - [2267 octets] ##########
claro-search infection: Windows 7, Chrome & IE
April_Singer replied to April_Singer's topic in Resolved Malware Removal Logs
contents of the ComboFix log:

----------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 12-11-16.02 - asinger 11/19/2012 9:42.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.4488 [GMT -7:00]
Running from: c:\users\asinger\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\asinger\AppData\Local\assembly\tmp
c:\users\fworstell\AppData\Local\assembly\tmp
c:\users\jwainwright\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 16:47 . 2012-11-19 16:47 -------- d-----w- c:\users\jwainwright\AppData\Local\temp
2012-11-19 16:31 . 2012-11-19 16:37 -------- d-----w- c:\program files (x86)\Google
2012-11-16 00:23 . 2012-11-16 00:23 -------- d-----w- c:\programdata\AMD
2012-11-16 00:23 . 2012-11-16 00:23 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-16 00:23 . 2012-11-16 00:23 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-16 00:23 . 2012-11-16 00:23 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-16 00:23 . 2012-11-16 00:23 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-11-16 00:21 . 2012-11-16 00:23 -------- d-----w- c:\program files\ATI Technologies
2012-11-16 00:21 . 2012-11-16 00:21 -------- d-----w- c:\program files\ATI
2012-11-16 00:20 . 2012-11-16 00:20 -------- d-----w- C:\AMD
2012-11-15 22:53 . 2012-11-15 22:53 -------- d-----w- c:\users\jwainwright\AppData\Local\CrashDumps
2012-11-15 20:32 . 2012-11-15 20:32 -------- d-----w- c:\users\jwainwright\AppData\Roaming\Realtime Soft
2012-11-15 20:00 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-15 20:00 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 20:00 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-15 20:00 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-15 20:00 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-15 19:59 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 19:57 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 19:57 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 19:57 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 19:57 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 19:57 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-15 19:57 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-11-15 19:57 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-11-15 19:55 . 2012-08-20 18:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-15 19:54 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 19:54 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 19:54 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 19:54 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-15 19:54 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-15 19:54 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 19:54 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-15 19:54 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 19:54 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 19:54 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 19:54 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 19:54 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-15 19:50 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-15 19:50 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-15 19:49 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 19:49 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 19:49 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 19:49 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 19:49 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 19:49 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 19:49 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 19:49 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-11-15 19:49 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-11-15 19:49 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 19:49 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 19:47 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-15 19:47 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-15 19:47 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-11-15 19:47 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-11-15 19:47 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-11-15 19:47 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-11-14 17:45 . 2012-11-14 17:45 -------- d-----w- c:\users\asinger\AppData\Roaming\Realtime Soft
2012-11-14 17:42 . 2012-11-14 17:42 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-11-14 17:42 . 2012-11-14 17:42 -------- d-----w- c:\windows\SysWow64\Extensions
2012-11-14 17:42 . 2012-11-14 17:42 -------- d-----w- c:\programdata\Browser Manager
2012-11-14 17:42 . 2012-11-14 17:42 -------- d-----w- c:\users\asinger\AppData\Roaming\Babylon
2012-11-14 17:42 . 2012-11-14 17:42 -------- d-----w- c:\programdata\Babylon
2012-11-14 17:09 . 2012-11-18 00:11 -------- d-----w- c:\users\asinger\AppData\Roaming\Skype
2012-11-14 17:09 . 2012-11-14 17:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-14 17:09 . 2012-11-14 17:09 -------- d-----r- c:\program files (x86)\Skype
2012-11-14 17:09 . 2012-11-14 17:09 -------- d-----w- c:\programdata\Skype
2012-11-14 15:31 . 2012-09-25 06:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-13 23:56 . 2012-11-13 23:56 -------- d-----w- c:\program files\Symantec
2012-11-13 23:56 . 2012-11-13 23:56 156008 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-11-13 23:56 . 2012-11-13 23:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-11-13 23:56 . 2012-11-13 23:56 -------- d-----w- c:\program files (x86)\Symantec AntiVirus
2012-11-13 23:44 . 2012-11-13 23:44 -------- d-----w- c:\users\jwainwright\AppData\Roaming\Apple Computer
2012-11-13 23:44 . 2012-11-13 23:47 -------- d-----w- c:\users\jwainwright\AppData\Local\Adobe
2012-11-13 22:56 . 2012-11-13 22:56 -------- d-----w- c:\users\asinger\AppData\Roaming\Malwarebytes
2012-11-13 22:56 . 2012-11-13 22:56 -------- d-----w- c:\programdata\Malwarebytes
2012-11-13 22:56 . 2012-11-16 14:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-13 22:56 . 2012-09-30 02:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 22:54 . 2012-11-16 00:19 -------- d-----w- C:\Temp
2012-11-13 22:49 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C0A7F1C-9CE9-4388-96A6-522912C5D675}\mpengine.dll
2012-11-12 19:35 . 2012-11-14 21:53 -------- d-----w- C:\Workspace
2012-11-12 17:14 . 2012-11-12 17:17 -------- d-----w- c:\users\asinger\AppData\Local\Microsoft Games
2012-11-12 16:47 . 2012-11-12 16:47 -------- d-----w- c:\users\asinger\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2012-11-12 14:37 . 2012-11-12 14:37 -------- d-----w- c:\users\asinger\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-11-12 14:35 . 2012-11-12 14:35 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-11-09 16:55 . 2012-11-09 16:55 -------- d-----w- c:\users\asinger\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 04:04 . 2012-03-29 17:05 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-03 13:33 . 2012-07-11 15:08 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-03 13:33 . 2012-03-27 00:20 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-28 22:37 . 2012-09-28 22:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 22:36 . 2012-09-28 22:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 22:36 . 2012-09-28 22:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 22:36 . 2012-09-28 22:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 22:36 . 2012-09-28 22:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 22:36 . 2012-09-28 22:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 22:32 . 2012-09-28 22:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 22:28 . 2012-09-28 22:28 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-28 22:28 . 2012-09-28 22:28 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-28 02:23 . 2012-03-27 01:41 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-03-27 01:41 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-03-27 01:41 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-03-27 01:41 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-03-27 01:41 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2012-03-27 01:41 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-03-27 01:41 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-03-27 01:41 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-03-27 01:41 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-03-27 01:41 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-03-27 01:41 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-24 03:43 . 2012-09-24 03:43 55432 ----a-w- c:\windows\system32\AdobePDF.dll
2012-09-24 03:43 . 2012-09-24 03:43 26768 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-08-22 18:12 . 2012-10-02 21:03 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-10-02 21:02 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-10-02 21:02 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-10-02 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-18 336384]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2006-12-08 107112]
"vptray"="c:\progra~2\SYMANT~1\VPTray.exe" [2006-12-14 134808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23796~1.11\{16cdf~1\browsemngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-11 2312216]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-18 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3444609460-1490733976-1733244792-1000Core.job
- c:\users\fworstell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 20:27]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3444609460-1490733976-1733244792-1000UA.job
- c:\users\fworstell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-29 20:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.claro-search.com/?affID=116695&tt=4612_8&babsrc=HP_ss&mntrId=3a7bf0df000000000000180373e7248d
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.210.11.44 10.210.11.41
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Symantec AntiVirus\DefWatch.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Symantec AntiVirus\Rtvscan.exe
c:\program files (x86)\Symantec AntiVirus\VPTray.exe
c:\program files (x86)\TechSmith\Snagit 10\TSCHelp.exe
c:\program files (x86)\TechSmith\Snagit 10\SnagPriv.exe
c:\program files (x86)\TechSmith\Snagit 10\snagiteditor.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-11-19 09:53:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-19 16:53
.
Pre-Run: 413,010,370,560 bytes free
Post-Run: 413,193,805,824 bytes free
.
- - End Of File - - 2A0CDB0B5A47C094092841DE4253AB7D
claro-search infection: Windows 7, Chrome & IE
April_Singer replied to April_Singer's topic in Resolved Malware Removal Logs
AdwCleaner log contents: # AdwCleaner v2.008 - Logfile created 11/19/2012 at 09:37:59 # Updated 17/11/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : asinger - APRIL-WIN7 # Boot Mode : Normal # Running from : C:\Users\asinger\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** Found : Browser Manager ***** [Files / Folders] ***** Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Browser Manager Folder Found : C:\Users\asinger\AppData\Roaming\Babylon Folder Found : C:\Users\asinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager ***** [Registry] ***** Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\Software\DataMngr Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=116695&tt=4612_8&babsrc=HP_ss&mntrId=3a7bf0df000000000000180373e7248d [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=116695&tt=4612_8&babsrc=HP_ss&mntrId=3a7bf0df000000000000180373e7248d ************************* 
AdwCleaner[R1].txt - [2160 octets] - [19/11/2012 09:34:45] AdwCleaner[R2].txt - [2091 octets] - [19/11/2012 09:37:59] ########## EOF - C:\AdwCleaner[R2].txt - [2151 octets] ########## -
claro-search infection: Windows 7, Chrome & IE
April_Singer replied to April_Singer's topic in Resolved Malware Removal Logs
Jeff - Following is the content of the aswMBR.txt file produced by the above steps:
------------------------------------------------------------------------------------------------------------
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-19 07:50:39 ----------------------------- 07:50:39.362 OS Version: Windows x64 6.1.7601 Service Pack 1 07:50:39.362 Number of processors: 4 586 0x2A07 07:50:39.362 ComputerName: APRIL-WIN7 UserName: asinger 07:50:40.797 Initialize success 07:57:49.559 The log file has been saved successfully to "C:\Users\asinger\Desktop\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-19 07:50:39 ----------------------------- 07:50:39.362 OS Version: Windows x64 6.1.7601 Service Pack 1 07:50:39.362 Number of processors: 4 586 0x2A07 07:50:39.362 ComputerName: APRIL-WIN7 UserName: asinger 07:50:40.797 Initialize success 07:57:49.559 The log file has been saved successfully to "C:\Users\asinger\Desktop\aswMBR.txt" 07:59:29.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 07:59:29.691 Disk 0 Vendor: Hitachi_ JF3O Size: 476940MB BusType: 8 07:59:29.707 Disk 0 MBR read successfully 07:59:29.707 Disk 0 MBR scan 07:59:29.707 Disk 0 Windows VISTA default MBR code 07:59:29.707 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63 07:59:29.723 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13468 MB offset 81920 07:59:29.723 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463428 MB offset 27664384 07:59:29.754 Disk 0 scanning C:\Windows\system32\drivers 07:59:37.663 Service scanning 07:59:52.296 Modules scanning 07:59:52.296 Disk 0 trace - called modules: 07:59:52.343 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 07:59:52.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009306060] 07:59:52.343 3 CLASSPNP.SYS[fffff88001bc543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80075a3050] 07:59:52.358 Scan finished successfully 08:00:10.860
Disk 0 MBR has been saved successfully to "C:\Users\asinger\Desktop\MBR.dat" 08:00:10.860 The log file has been saved successfully to "C:\Users\asinger\Desktop\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-19 07:50:39 ----------------------------- 07:50:39.362 OS Version: Windows x64 6.1.7601 Service Pack 1 07:50:39.362 Number of processors: 4 586 0x2A07 07:50:39.362 ComputerName: APRIL-WIN7 UserName: asinger 07:50:40.797 Initialize success 07:57:49.559 The log file has been saved successfully to "C:\Users\asinger\Desktop\aswMBR.txt" 07:59:29.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 07:59:29.691 Disk 0 Vendor: Hitachi_ JF3O Size: 476940MB BusType: 8 07:59:29.707 Disk 0 MBR read successfully 07:59:29.707 Disk 0 MBR scan 07:59:29.707 Disk 0 Windows VISTA default MBR code 07:59:29.707 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63 07:59:29.723 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13468 MB offset 81920 07:59:29.723 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463428 MB offset 27664384 07:59:29.754 Disk 0 scanning C:\Windows\system32\drivers 07:59:37.663 Service scanning 07:59:52.296 Modules scanning 07:59:52.296 Disk 0 trace - called modules: 07:59:52.343 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 07:59:52.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009306060] 07:59:52.343 3 CLASSPNP.SYS[fffff88001bc543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80075a3050] 07:59:52.358 Scan finished successfully 08:00:10.860 Disk 0 MBR has been saved successfully to "C:\Users\asinger\Desktop\MBR.dat" 08:00:10.860 The log file has been saved successfully to "C:\Users\asinger\Desktop\aswMBR.txt" 08:01:49.861 Disk 0 MBR has been saved successfully to "C:\Users\asinger\Desktop\MBR.dat" 08:01:49.861 The log file has been saved successfully to "C:\Users\asinger\Desktop\aswMBR.txt" -
claro-search infection: Windows 7, Chrome & IE
April_Singer replied to April_Singer's topic in Resolved Malware Removal Logs
Jeff - I'm back in the office and will act on your reply asap today. Will report back. Thank you for your assistance. April -
After downloading a couple of FrameMaker plug-ins and some desktop icons I noticed that my browser had been hijacked by claro-search. Didn't realize it was malware at first. Disabled the search in Chrome (my usual browser) then uninstalled it from the Programs Control Panel in Windows 7. No extensions were found in Chrome. Still had the problem. Downloaded the free version of Malwarebytes and ran both a Quick Scan and a Full Scan. Neither detected any problems/files. Perhaps because I had uninstalled claro, though obviously it still resides at some level. Uninstalled Chrome, tried IE. Same problem with IE (of course, this I know now). Ran dds.com as instructed. Have pasted the contents of dds.txt below and attached attach.txt. This is my computer at work. I can check the forum for responses from home later if I don't get a response before I leave, but I won't be able to do anything on the work computer until I resume work Monday morning. I will watch for responses in case someone does pick this up before I leave work for the day. I am in the GMT -7 timezone (presently 11:36 a.m. as I post this). Thank you for any help that is offered.
------------------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2 Run by asinger at 11:13:07 on 2012-11-16 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.5297 [GMT -7:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== .
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\SPBA\upeksvr.exe C:\Windows\System32\spoolsv.exe C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe C:\Windows\system32\IProsetMonitor.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe 
C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe C:\dell\DBRM\Reminder\DbrmTrayicon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.claro-search.com/?affID=116695&tt=4612_8&babsrc=HP_ss&mntrId=3a7bf0df000000000000180373e7248d mWinlogon: Userinit = userinit.exe BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage 
Technology\IAStorIcon.exe mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: DisableCAD = dword:1 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 10.210.11.44 10.210.11.41 TCP: Interfaces\{B4064349-3C78-4D77-9BC7-05794C2D7B92} : DHCPNameServer = 10.210.11.44 10.210.11.41 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> LSA: Authentication Packages = msv1_0 wvauth x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe x64-Run: [TdmNotify] C:\Program Files\Dell\Dell 
Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-26 55856] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616] R2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-11-14 2312216] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-26 13336] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-3-26 171688] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-13 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-13 676936] R2 Symantec AntiVirus;Symantec AntiVirus;C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe [2006-12-13 1962136] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-26 2656536] R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-13 138912] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-13 25928] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN 
v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-15 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-15 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-29 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . ShellExec: FrameMaker11.exe: Edit="C:\Program Files (x86)\Adobe\AdobeFrameMaker11\FrameMaker.exe" -ie "%1" . =============== Created Last 30 ================ . 
2012-11-16 00:23:54 -------- d-----w- C:\ProgramData\AMD 2012-11-16 00:23:53 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-11-16 00:23:50 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-11-16 00:23:47 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2012-11-16 00:23:47 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies 2012-11-16 00:21:08 -------- d-----w- C:\Program Files\ATI Technologies 2012-11-16 00:21:06 -------- d-----w- C:\Program Files\ATI 2012-11-16 00:20:23 -------- d-----w- C:\AMD 2012-11-15 20:00:28 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-11-15 20:00:05 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-11-15 20:00:05 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-11-15 20:00:05 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-11-15 20:00:05 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-11-15 19:59:43 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-15 19:57:37 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-15 19:57:37 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-15 19:57:37 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-15 19:57:37 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-15 19:57:15 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-11-15 19:57:14 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-11-15 19:57:14 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-11-15 19:55:33 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-15 19:54:37 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-11-15 19:54:37 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll 2012-11-15 19:54:37 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-11-15 19:54:37 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-11-15 19:54:37 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-11-15 19:54:37 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-11-15 19:54:37 156672 ----a-w- 
C:\Windows\SysWow64\ncsi.dll 2012-11-15 19:54:36 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-11-15 19:54:36 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-11-15 19:54:36 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-11-15 19:54:36 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-11-15 19:54:36 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-11-15 19:50:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-15 19:50:55 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-15 19:49:23 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-15 19:49:23 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-15 19:49:23 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-15 19:49:23 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-15 19:49:22 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-15 19:49:22 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-15 19:49:22 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-15 19:49:17 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-11-15 19:49:17 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-11-15 19:49:10 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-11-15 19:49:10 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-11-15 19:47:48 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-11-15 19:47:48 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-11-15 19:47:48 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-11-15 19:47:48 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-11-15 19:47:48 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-11-15 19:47:48 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-11-14 17:45:17 -------- d-----w- C:\Users\asinger\AppData\Roaming\Realtime Soft 2012-11-14 17:42:39 -------- d-----w- C:\Windows\SysWow64\searchplugins 2012-11-14 17:42:39 -------- d-----w- C:\Windows\SysWow64\Extensions 2012-11-14 17:42:38 -------- d-----w- C:\ProgramData\Browser Manager 2012-11-14 
17:42:07 -------- d-----w- C:\Users\asinger\AppData\Roaming\Babylon 2012-11-14 17:42:07 -------- d-----w- C:\ProgramData\Babylon 2012-11-14 17:09:45 -------- d-----r- C:\Program Files (x86)\Skype 2012-11-14 15:31:43 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-13 23:56:56 156008 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-11-13 23:56:56 -------- d-----w- C:\Program Files\Symantec 2012-11-13 23:56:51 -------- d-----w- C:\Program Files\Common Files\Symantec Shared 2012-11-13 23:56:49 -------- d-----w- C:\Program Files (x86)\Symantec AntiVirus 2012-11-13 22:56:58 -------- d-----w- C:\Users\asinger\AppData\Roaming\Malwarebytes 2012-11-13 22:56:50 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-13 22:56:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-11-13 22:56:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-13 22:54:24 -------- d-----w- C:\Temp 2012-11-13 22:49:49 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C0A7F1C-9CE9-4388-96A6-522912C5D675}\mpengine.dll 2012-11-12 19:35:06 -------- d-----w- C:\Workspace 2012-11-12 17:14:45 -------- d-----w- C:\Users\asinger\AppData\Local\Microsoft Games 2012-11-12 16:47:00 -------- d-----w- C:\Users\asinger\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat 2012-11-12 14:37:59 -------- d-----w- C:\Users\asinger\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2012-11-12 14:35:06 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant 2012-11-09 16:55:15 -------- d-----w- C:\Users\asinger\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2012-10-19 19:40:52 -------- d-----w- C:\Users\asinger\AppData\Roaming\NetLibCache 2012-10-19 18:57:42 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2012-10-19 18:55:53 -------- d-----w- C:\Program Files\Saxonica 2012-10-19 18:53:18 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2012-10-19 
18:53:18 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2012-10-19 18:52:39 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services . ==================== Find3M ==================== . 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 13:33:29 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-10-03 13:33:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-28 22:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe 2012-09-28 22:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-09-28 22:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-09-28 22:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-09-28 22:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-09-28 22:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll 2012-09-28 22:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-09-28 22:28:46 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2012-09-28 22:28:42 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-09-28 02:05:38 70144 
----a-w- C:\Windows\System32\coinst_9.002.dll
2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll
2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll
2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe
2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll
2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll
2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-09-24 03:43:48 55432 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-09-24 03:43:42 26768 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2012-08-24 18:13:17 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-08-24 18:09:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:03 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-08-24 18:04:18 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-08-24 16:57:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-08-23 14:08:26 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2012-08-23 13:41:52 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-08-23 13:40:56 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-08-23 13:24:57 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll
2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe
2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll
2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
.
============= FINISH: 11:13:45.48 ===============
attach.txt
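The attach.txt listing above is a DDS "modified files" dump, and the forum rendered it flattened onto a few long lines. The script below is an added example for this thread, not part of DDS, Malwarebytes or the poster's log: it recovers the individual entries from flattened text (assuming the layout "YYYY-MM-DD HH:MM:SS size attrs path" that the posted listing follows), buckets writes by day so that one driver install or Windows Update run shows up as one burst, and lists anything written outside System32 and SysWow64 as a triage cue. The sample input reuses six entries from the listing plus one constructed placeholder path under C:\Users that is not from the log and only exercises the outlier check; the set of trusted roots is an assumption of the example, not a rule from the thread.

```python
"""Parse a DDS-style "modified files" listing and triage it.

Added example for this thread, not part of the DDS tool or the posted log.
Entry layout assumed: "YYYY-MM-DD HH:MM:SS <size> <attrs> <path>", as in
"2012-09-28 02:03:52 163840 ----a-w- C:\\Windows\\System32\\atiapfxx.exe".
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# One entry. The path is matched lazily so names with spaces survive; it stops
# at the next timestamp, at the ". ===== FINISH" trailer, or at end of text.
ENTRY_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+?)"
    r"(?=\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} |\s+\.\s*=|\s*$)"
)

# Directories where a timestamped system write is least interesting. Anything
# outside them is a triage cue, not a verdict (assumption of this example).
TRUSTED_ROOTS = ("C:\\Windows\\System32\\", "C:\\Windows\\SysWow64\\")


@dataclass(frozen=True)
class Entry:
    timestamp: datetime
    size: int
    attrs: str
    path: str


def parse_entries(text: str) -> list[Entry]:
    """Recover entries even when the listing was flattened onto one line."""
    entries = []
    for date, time, size, attrs, path in ENTRY_RE.findall(text):
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(ts, int(size), attrs, path))
    return entries


def group_by_day(entries: list[Entry]) -> dict[str, list[Entry]]:
    """Bucket writes by day: one installer or update run appears as one burst."""
    days: dict[str, list[Entry]] = defaultdict(list)
    for e in entries:
        days[e.timestamp.strftime("%Y-%m-%d")].append(e)
    return dict(days)


def outliers(entries: list[Entry], roots: tuple[str, ...] = TRUSTED_ROOTS) -> list[Entry]:
    """Entries written outside the expected system directories (case-insensitive)."""
    lowered = tuple(r.lower() for r in roots)
    return [e for e in entries if not e.path.lower().startswith(lowered)]


# Constructed sample: six entries copied from the posted listing, flattened the
# way the forum rendered them, plus one placeholder path under C:\Users that is
# NOT from the log and exists only to exercise the outlier check.
SAMPLE_LOG = (
    "2012-09-28 02:03:52 163840 ----a-w- C:\\Windows\\System32\\atiapfxx.exe "
    "2012-09-28 01:12:52 460288 ----a-w- C:\\Windows\\System32\\drivers\\atikmpag.sys "
    "2012-08-24 18:13:17 154480 ----a-w- C:\\Windows\\System32\\drivers\\ksecpkg.sys "
    "2012-08-24 18:05:03 340992 ----a-w- C:\\Windows\\System32\\schannel.dll "
    "2012-08-24 16:57:40 247808 ----a-w- C:\\Windows\\SysWow64\\schannel.dll "
    "2012-08-23 10:39:24 1048064 ----a-w- C:\\Windows\\SysWow64\\mstsc.exe "
    "2012-08-23 10:30:00 12345 ----a-w- C:\\Users\\Public\\Downloads\\sample placeholder.dll "
    ". ============= FINISH: 11:13:45.48 ==============="
)


def triage(text: str) -> dict[str, object]:
    """Summarise a listing: entry count, writes per day, paths outside trusted roots."""
    entries = parse_entries(text)
    per_day = {day: len(items) for day, items in group_by_day(entries).items()}
    return {
        "total": len(entries),
        "per_day": per_day,
        "outliers": [e.path for e in outliers(entries)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the real attach.txt, the per-day buckets separate the 2012-09-28 AMD driver install from the 2012-08-24 and 2012-08-23 Windows Update batches, which is what a helper reading such a log does by eye; a path outside the trusted roots only says "look here first", since a legitimate installer can also write elsewhere.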
