mrpowers365
-
Posts
9 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by mrpowers365
-
-
# AdwCleaner v2.105 - Logfile created 01/10/2013 at 15:07:27
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : nolanj - JESSE
# Boot Mode : Normal
# Running from : C:\Users\nolanj\Desktop\adware\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
File Found : C:\user.js
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\nolanj\AppData\Local\APN
Folder Found : C:\Users\nolanj\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\nolanj\AppData\Roaming\Babylon
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\StartSearch
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011431152}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011431152}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\nolanj\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2592 octets] - [10/01/2013 15:07:27]
########## EOF - C:\AdwCleaner[R1].txt - [2652 octets] ##########
-
ComboFix 13-01-08.01 - nolanj 01/10/2013 14:26:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1967 [GMT -6:00]
Running from: c:\users\nolanj\Desktop\combo fix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\intellidownload\gunzip.exe
c:\programdata\boost_interprocess\20121212032359.294940
C:\torrent.exe
c:\users\nolanj\AppData\Roaming\inst.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\server.log
c:\windows\SysWow64\wpcap.dll
E:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-10 20:31 . 2013-01-10 20:31 -------- d-----w- c:\users\nolanj\AppData\Local\Karan
2013-01-09 14:13 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 14:13 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 10:26 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7474F57F-AF7D-4170-B2BB-C291D091AA64}\mpengine.dll
2013-01-08 10:26 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-03 04:07 . 2013-01-03 04:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-30 16:08 . 2012-12-30 16:08 -------- d-----w- c:\users\nolanj\AppData\Local\Programs
2012-12-22 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 05:49 . 2013-01-10 20:30 -------- d-----w- c:\programdata\boost_interprocess
2012-12-18 05:49 . 2012-12-21 02:48 -------- d-----w- c:\users\nolanj\AppData\Roaming\Bitcoin
2012-12-18 05:48 . 2012-12-18 05:48 -------- d-----w- c:\program files (x86)\Bitcoin
2012-12-12 09:01 . 2012-11-14 06:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-12-12 07:54 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 07:54 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 07:54 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 07:54 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 09:09 . 2011-12-08 08:46 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 13:17 . 2012-09-07 15:14 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 13:17 . 2011-12-07 17:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 22:49 . 2012-08-01 04:22 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 14:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 18:39 . 2012-11-28 18:39 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{448140D7-C808-486F-AF21-9C45D22C7A9F}\gapaengine.dll
2012-11-11 17:45 . 2012-11-11 17:45 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2012-11-11 13:34 . 2012-11-11 13:34 252792 ----a-w- c:\windows\system32\avutil-lav-52.dll
2012-11-11 13:34 . 2012-11-11 13:34 178472 ----a-w- c:\windows\system32\avresample-lav-1.dll
2012-11-11 13:34 . 2012-11-11 13:34 181568 ----a-w- c:\windows\system32\avfilter-lav-3.dll
2012-11-11 13:32 . 2012-11-11 13:32 238528 ----a-w- c:\windows\SysWow64\avutil-lav-52.dll
2012-11-11 13:32 . 2012-11-11 13:32 158096 ----a-w- c:\windows\SysWow64\avresample-lav-1.dll
2012-10-16 08:38 . 2012-11-28 03:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 03:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 03:45 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\nolanj\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\nolanj\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\nolanj\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\nolanj\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"RAMDrive"="c:\program files (x86)\FarStone\VirtualDrive\VHD\RDTask.exe" [2008-01-28 106496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"FsVdInstReboot"="1 (0x1)" [X]
.
c:\users\nolanj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\nolanj\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-09 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-15 8704]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-12-20 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 13:17]
.
2013-01-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-890350343-3515886429-4097803412-1000Core.job
- c:\users\nolanj\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-04 21:36]
.
2013-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-890350343-3515886429-4097803412-1000UA.job
- c:\users\nolanj\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-04 21:36]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-890350343-3515886429-4097803412-1000Core.job
- c:\users\nolanj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 11:27]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-890350343-3515886429-4097803412-1000UA.job
- c:\users\nolanj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 11:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\nolanj\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\nolanj\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\nolanj\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\nolanj\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://webmail.gsicommerce.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: gsipartners.com\citrix.remotetools
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-BID Drop Box - c:\program files (x86)\Bulk Image Downloader\BIDDropBox.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2013-01-10 14:37:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-10 20:37
.
Pre-Run: 736,137,764,864 bytes free
Post-Run: 735,673,335,808 bytes free
.
- - End Of File - - 04BB8D72F105F85729D57110005186EF
-
Everything came up clear
-
IS this the other log that you wanted?
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.199000 GHz
Memory total: 4017610752, free: 1075159040
------------ Kernel report ------------
01/08/2013 21:15:52
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\fvxscsi.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\ManyCam_x64.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\fcdabus.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\LVUSBS64.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\LV302V64.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\lpk.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\imm32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shlwapi.dll
\Windows\System32\usp10.dll
\Windows\System32\setupapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\psapi.dll
\Windows\System32\ole32.dll
\Windows\System32\kernel32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80048a3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa80072bd060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80048bf060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa800466e060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2013.01.09.01
Downloaded database version: v2013.01.04.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80048bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048bfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004668580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800466e060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a0101298c0, 0xfffffa80048bf060, 0xfffffa8003de8090
Lower DeviceData: 0xfffff8a003268470, 0xfffffa800466e060, 0xfffffa8007419c30
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4CEFF2DC
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1953312768
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80048a3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a07b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048a3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80072bd060, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a00432d2d0, 0xfffffa80048a3060, 0xfffffa8003a99190
Lower DeviceData: 0xfffff8a0102f4690, 0xfffffa80072bd060, 0xfffffa8006eb24e0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E8900690
Partition information:
Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 1953520002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\Users\nolanj\Desktop\LeagueOfLegends\layout.bin" is sparse (flags = 32768)
Done!
Scan finished
=======================================
-
<p> </p>
<div>Firewall and updates are on</div>
<div> </div>
<div>Malwarebytes Anti-Rootkit 1.01.0.1011</div>
<div>www.malwarebytes.org</div>
<div> </div>
<div>Database version: v2013.01.09.01</div>
<div> </div>
<div>Windows 7 Service Pack 1 x64 NTFS</div>
<div>Internet Explorer 9.0.8112.16421</div>
<div>nolanj :: JESSE [administrator]</div>
<div> </div>
<div>1/8/2013 9:28:05 PM</div>
<div>mbar-log-2013-01-08 (21-28-05).txt</div>
<div> </div>
<div>Scan type: Quick scan</div>
<div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P</div>
<div>Scan options disabled: </div>
<div>Objects scanned: 30529</div>
<div>Time elapsed: 11 minute(s), 44 second(s)</div>
<div> </div>
<div>Memory Processes Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Memory Modules Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Registry Keys Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Registry Values Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Registry Data Items Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Folders Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Files Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>(end)</div>
<div> </div>
-
RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : nolanj [Admin rights]
Mode : Scan -- Date : 01/07/2013 19:13:47
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 4807cd45923d3064881767827ab8d0d1
[bSP] 3a8996086261ddbf25e5256e2620e61c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
User = LL1 ... OK!
-
Can anyone please help with this? This is just painfully annoying and ive tried running MBAM and it found nothing.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2011 4:51:10 AM
System Uptime: 1/7/2013 4:14:31 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H55M-S2V
Processor: Intel® Core i3 CPU 550 @ 3.20GHz | Socket 1156 | 3192/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 686.697 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP182: 12/22/2012 3:00:13 AM - Windows Update
RP183: 12/25/2012 3:29:29 AM - Windows Update
RP184: 12/29/2012 3:30:00 AM - Windows Update
RP185: 1/1/2013 4:21:58 PM - Windows Update
RP186: 1/4/2013 7:57:46 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
1Click DVD Copy Pro 4.1.5.0
4chan Image Downloader
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Photoshop CS5.1
Adobe Premiere Pro CS6
Adobe Reader X (10.1.2)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.7
ASIO4ALL
Audacity 2.0.2
Battlelog Web Plugins
Belkin F7D1101 Basic Wireless USB Adapter
Belkin N Wireless USB Adapter Setup
Belkin Wireless USB Utility
Bitcoin
Bonjour
Camersoft Skype Video Recorder 3.1.08
Canon MP250 series MP Drivers
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Citrix XenApp Web Plugin
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
ESN Sonar
Evaer Video Recorder for Skype 1.2.3.15
Exif_Viewer Unisntall
Facebook Video Calling 1.2.0.287
FL Studio 10
GetFLV 9.1.0.3
Google Chrome
Google Talk Plugin
Hi-Rez Studios Authenticate and Update Service
iExplorer 2.2.1.3
IL Download Manager
iTunes
Java 7 Update 9
Java Auto Updater
Java 6 Update 31
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.70.0.1100
ManyCam 2.6.60 (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MSVCRT
Origin
Pamela Pro 4.8
Pando Media Booster
PDF Settings CS5
Picasa 3
PrivitizeVPN
Realtek Ethernet Controller Driver
RSA SecurID Token for Windows Desktops
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 6.0
System Requirements Lab for Intel
TeamViewer 7
Tribes Ascend
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VirtualDrive Pro
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.1
Xvid MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
1/7/2013 4:09:52 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2013 3:32:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/7/2013 3:32:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/7/2013 3:25:14 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2013 3:25:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/7/2013 3:25:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/7/2013 3:25:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/7/2013 3:25:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/7/2013 3:24:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO MpFilter spldr Wanarpv6
1/5/2013 7:34:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
1/2/2013 10:23:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by nolanj at 4:19:59 on 2013-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1833 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\nolanj\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\nolanj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webmail.gsicommerce.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\nolanj\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Facebook Update] "C:\Users\nolanj\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [bID Drop Box] "C:\Program Files (x86)\Bulk Image Downloader\BIDDropBox.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge] <no file>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [RAMDrive] "C:\Program Files (x86)\FarStone\VirtualDrive\VHD\RDTask.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\nolanj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\nolanj\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
TCP: NameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{4139D546-75E8-4E07-8BC6-941161AE0A86} : DHCPNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{F62A1FE3-ADE0-47F8-A806-F30389132B2D} : DHCPNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{FD26C097-A94A-4461-A2F6-B3FC8097A3C3} : DHCPNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-5-28 8704]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-30 2984832]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-1 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-9 1255736]
.
=============== Created Last 30 ================
.
2013-01-07 09:23:01 -------- d-----w- C:\Windows\pss
2013-01-07 09:13:21 -------- d-----w- C:\Users\nolanj\AppData\Local\{31181B10-C34A-45C9-ACF1-2EDB6D768C8F}
2013-01-07 01:57:08 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF37FD35-9D1E-46A6-ABB2-D0A259C00718}\mpengine.dll
2013-01-06 08:15:56 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-04 03:56:38 -------- d-----w- C:\Users\nolanj\AppData\Local\{7125DFE0-4018-44D6-B164-602543CCDB65}
2013-01-03 15:56:13 -------- d-----w- C:\Users\nolanj\AppData\Local\{8CBC2DFB-54D4-4EF2-A68C-FFD83CB6E1E1}
2013-01-02 21:43:32 -------- d-----w- C:\Users\nolanj\AppData\Local\{80C1B05B-5CC9-4E1A-B785-6336CE1F64CA}
2013-01-01 06:31:36 -------- d-----w- C:\Users\nolanj\AppData\Local\{547D1726-C545-4301-A684-79BE9AD9BBBB}
2012-12-31 18:31:11 -------- d-----w- C:\Users\nolanj\AppData\Local\{7532EEF8-77B9-4B14-903D-47556AC71175}
2012-12-31 04:15:20 -------- d-----w- C:\Users\nolanj\AppData\Local\{DCDDC12D-F934-4838-B3A3-63DFEAAAF899}
2012-12-30 16:14:54 -------- d-----w- C:\Users\nolanj\AppData\Local\{1716675D-2AAF-45D4-B773-ACB4AB800A39}
2012-12-30 16:08:40 -------- d-----w- C:\Users\nolanj\AppData\Local\Programs
2012-12-28 23:04:00 -------- d-----w- C:\Users\nolanj\AppData\Local\{C5D294ED-C003-4246-889A-AA58D9BE74C5}
2012-12-25 19:59:02 -------- d-----w- C:\Users\nolanj\AppData\Local\{E0F9352E-0964-4938-A650-32228D36C652}
2012-12-22 17:56:24 -------- d-----w- C:\Users\nolanj\AppData\Local\{0A1E7096-C952-48BE-B5FF-25FD1C4D4630}
2012-12-22 09:00:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 09:00:51 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 09:00:49 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 09:00:42 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 03:03:27 -------- d-----w- C:\Users\nolanj\AppData\Local\{2F52C823-0C2B-45E8-A508-EEBC184B1159}
2012-12-18 05:49:20 -------- d-----w- C:\ProgramData\boost_interprocess
2012-12-18 05:49:04 -------- d-----w- C:\Users\nolanj\AppData\Roaming\Bitcoin
2012-12-18 05:48:42 -------- d-----w- C:\Program Files (x86)\Bitcoin
2012-12-17 23:04:28 -------- d-----w- C:\Users\nolanj\AppData\Local\{90BB8BE4-5CC8-4238-AF34-98364769DC85}
2012-12-15 15:12:17 -------- d-----w- C:\Users\nolanj\AppData\Local\{E881D493-30E5-4049-8591-9C96E62E81F1}
2012-12-15 03:11:53 -------- d-----w- C:\Users\nolanj\AppData\Local\{F3CCBF1E-DFDB-4FD4-BD06-BEDA5DE597DC}
2012-12-14 03:11:19 -------- d-----w- C:\Users\nolanj\AppData\Local\{BA47C420-C577-4B6B-8164-4968D8805B4D}
2012-12-13 15:10:56 -------- d-----w- C:\Users\nolanj\AppData\Local\{B00A369E-B55F-4486-868B-5944886EB6DD}
2012-12-12 15:56:30 -------- d-----w- C:\Users\nolanj\AppData\Local\{CAF819DD-DFBF-4AB4-91D6-84A6FEC60C5B}
2012-12-12 07:54:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 03:56:04 -------- d-----w- C:\Users\nolanj\AppData\Local\{BC5331DE-D266-43A8-B9EB-25F3B6DCD425}
2012-12-10 12:42:11 -------- d-----w- C:\Users\nolanj\AppData\Local\{C6B94831-8A58-4F46-803A-089DE6349EB4}
2012-12-10 00:41:47 -------- d-----w- C:\Users\nolanj\AppData\Local\{6BE2715E-7FD3-441D-B2CE-7D682D282C45}
2012-12-09 20:41:56 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-09 20:39:53 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-12-09 20:39:47 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-12-09 20:23:51 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-12-09 20:23:51 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-12-09 20:23:51 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-12-09 20:23:51 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-12-09 20:23:51 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-12-09 20:23:51 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-12-09 20:23:51 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-12-09 20:23:50 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-12-09 20:23:50 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
.
==================== Find3M ====================
.
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 13:17:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 13:17:10 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-11 17:45:12 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-11-11 13:34:54 252792 ----a-w- C:\Windows\System32\avutil-lav-52.dll
2012-11-11 13:34:54 178472 ----a-w- C:\Windows\System32\avresample-lav-1.dll
2012-11-11 13:34:52 181568 ----a-w- C:\Windows\System32\avfilter-lav-3.dll
2012-11-11 13:32:34 238528 ----a-w- C:\Windows\SysWow64\avutil-lav-52.dll
2012-11-11 13:32:34 158096 ----a-w- C:\Windows\SysWow64\avresample-lav-1.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 4:20:44.78 ===============
-
I have been having the FindGala redirect problem. I have run MBAM but have found nothing. I have also found various ways to supposedly fix this issue but none are the same. Please HELP! Thanks
FindGala Redirect
in Resolved Malware Removal Logs
Posted
I think I actually have just found what was causing this. It looks like it was a malicious extension that I had in Chrome. This extension has been removed from the chrome store. I will also continue with the steps you listed in a little awhile