Jump to content

teabea

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

 Content Type 

Posts posted by teabea

    Trojan:JS/Medfos.B

    in Resolved Malware Removal Logs

    Posted

    Hello, there's the log from ESET

    C:\Users\All Users\CodecUpdate\runtime.dll Win32/GenUpdater application unable to clean

    C:\ProgramData\CodecUpdate\runtime.dll Win32/GenUpdater application cleaned by deleting - quarantined

    C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\bragui.dll.vir a variant of Win32/Medfos.IB trojan cleaned by deleting - quarantined

    C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\weaprl.dll.vir a variant of Win32/Medfos.IB trojan cleaned by deleting - quarantined

    C:\Users\User\Downloads\InstallFreeRARExtractFrog.exe Win32/OpenCandy application cleaned by deleting - quarantined

    C:\Users\User\Downloads\Karen_Miller_-_Kingmaker,_Kingbreaker_1_-_The_Innocent_Mage_downloader.exe a variant of Win32/Adware.MediaFinder.D application cleaned by deleting - quarantined

    C:\Users\User\Downloads\SoftonicDownloader_for_deskpins.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

    Trojan:JS/Medfos.B

    in Resolved Malware Removal Logs

    Posted

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.12.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    User :: PC-USER [administrator]

    1/12/2013 11:03:01 AM

    mbam-log-2013-01-12 (11-03-01).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 210935

    Time elapsed: 2 minute(s), 41 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ****

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:07:25 AM, on 1/12/2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

    C:\Users\User\Local Settings\Apps\F.lux\flux.exe

    C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

    C:\Program Files (x86)\DeskPins\DeskPins.exe

    C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

    C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\User\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: [F.lux] "C:\Users\User\Local Settings\Apps\F.lux\flux.exe" /noshow

    O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect

    O4 - HKCU\..\Run: [3C315CB7C05A2A2BFAEAFA05AE1603CA95A938F0._service_run] "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

    O4 - Startup: DeskPins.lnk = C:\Program Files (x86)\DeskPins\DeskPins.exe

    O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 9495 bytes

    ****

    Things are still running fine, thank you!

    Trojan:JS/Medfos.B

    in Resolved Malware Removal Logs

    Posted

    Here's is the log from the script + combfix:

    ComboFix 13-01-11.02 - User 01/12/2013 1:26.2.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2559 [GMT -6:00]

    Running from: c:\users\User\Downloads\ComboFix.exe

    Command switches used :: c:\users\User\Desktop\fourth wave\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_NPF

    -------\Service_NPF

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-12 07:32 . 2013-01-12 07:32 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-01-12 06:21 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07FD8AC5-7095-4E86-80C6-55DC6BED557A}\mpengine.dll

    2013-01-11 02:15 . 2013-01-11 02:15 -------- d-----w- c:\users\User\AppData\Local\Programs

    2013-01-10 20:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-01-10 00:26 . 2013-01-10 00:35 -------- d-----w- c:\users\User\AppData\Roaming\Audacity

    2013-01-10 00:26 . 2013-01-10 00:26 -------- d-----w- c:\program files (x86)\Audacity

    2013-01-10 00:22 . 2013-01-10 00:22 -------- d-----w- c:\windows\en

    2013-01-10 00:22 . 2013-01-10 00:22 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

    2013-01-10 00:20 . 2013-01-10 00:22 -------- d-----w- c:\program files (x86)\Windows Live

    2013-01-10 00:19 . 2010-06-02 10:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

    2013-01-10 00:19 . 2010-06-02 10:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll

    2013-01-10 00:19 . 2010-06-02 10:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll

    2013-01-10 00:19 . 2010-06-02 10:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

    2013-01-10 00:19 . 2010-05-26 17:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

    2013-01-10 00:19 . 2010-05-26 17:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

    2013-01-10 00:19 . 2010-05-26 17:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

    2013-01-10 00:19 . 2010-05-26 17:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

    2013-01-10 00:19 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

    2013-01-10 00:19 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

    2013-01-10 00:18 . 2006-11-29 19:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

    2013-01-10 00:18 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

    2013-01-10 00:16 . 2013-01-10 00:16 -------- d-----w- c:\users\User\AppData\Local\Windows Live

    2013-01-10 00:15 . 2013-01-10 00:15 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

    2013-01-09 06:45 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

    2013-01-08 04:42 . 2013-01-08 04:42 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

    2012-12-22 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-22 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-12-22 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-22 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-17 03:34 . 2013-01-03 23:10 -------- d-----w- c:\users\User\AppData\Local\NETGEARGenie

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-01-09 13:24 . 2012-05-24 19:03 67599240 ----a-w- c:\windows\system32\MRT.exe

    2013-01-08 21:28 . 2012-05-25 21:12 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-08 21:28 . 2012-05-25 21:12 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-12-17 03:16 . 2012-06-20 03:39 369168 ----a-w- c:\windows\system32\wpcap.dll

    2012-12-17 03:16 . 2012-06-20 03:39 35344 ----a-w- c:\windows\system32\drivers\npf.sys

    2012-12-17 03:16 . 2012-06-20 03:39 106000 ----a-w- c:\windows\system32\packet.dll

    2012-12-14 22:49 . 2012-05-25 21:10 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-11-30 04:45 . 2013-01-09 06:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-11-28 05:49 . 2012-11-28 05:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED3EC0C8-ED44-40E6-9A03-54B1E29E91E8}\gapaengine.dll

    2012-11-14 07:06 . 2012-12-12 09:01 17811968 ----a-w- c:\windows\system32\mshtml.dll

    2012-11-14 06:32 . 2012-12-12 09:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-11-14 06:11 . 2012-12-12 09:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

    2012-11-14 06:04 . 2012-12-12 09:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

    2012-11-14 06:04 . 2012-12-12 09:01 1392128 ----a-w- c:\windows\system32\wininet.dll

    2012-11-14 06:02 . 2012-12-12 09:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-11-14 06:02 . 2012-12-12 09:01 237056 ----a-w- c:\windows\system32\url.dll

    2012-11-14 05:59 . 2012-12-12 09:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

    2012-11-14 05:58 . 2012-12-12 09:01 816640 ----a-w- c:\windows\system32\jscript.dll

    2012-11-14 05:57 . 2012-12-12 09:01 599040 ----a-w- c:\windows\system32\vbscript.dll

    2012-11-14 05:57 . 2012-12-12 09:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-11-14 05:55 . 2012-12-12 09:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

    2012-11-14 05:55 . 2012-12-12 09:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

    2012-11-14 05:53 . 2012-12-12 09:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2012-11-14 05:52 . 2012-12-12 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-11-14 05:46 . 2012-12-12 09:01 248320 ----a-w- c:\windows\system32\ieui.dll

    2012-11-14 02:09 . 2012-12-12 09:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-11-14 01:58 . 2012-12-12 09:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57 . 2012-12-12 09:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-11-14 01:49 . 2012-12-12 09:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48 . 2012-12-12 09:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

    2012-11-14 01:44 . 2012-12-12 09:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2012-11-09 05:45 . 2012-12-12 03:25 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-11-09 04:42 . 2012-12-12 03:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-11-06 03:02 . 2012-11-06 03:03 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-11-06 03:02 . 2012-06-08 20:38 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-11-02 05:59 . 2012-12-12 03:25 478208 ----a-w- c:\windows\system32\dpnet.dll

    2012-11-02 05:11 . 2012-12-12 03:25 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

    2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

    2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

    2012-10-16 08:38 . 2012-11-28 07:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-28 07:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-28 07:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"

    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

    2012-12-05 04:23 1019976 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"

    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

    2012-12-05 04:23 1019976 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

    2012-12-05 04:23 1019976 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 129272 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 129272 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 129272 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]

    "F.lux"="c:\users\User\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

    "NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-10-16 1041736]

    "3C315CB7C05A2A2BFAEAFA05AE1603CA95A938F0._service_run"="c:\users\User\AppData\Local\Google\Chrome\Application\chrome.exe" [bU]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-12-05 1065032]

    .

    c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    DeskPins.lnk - c:\program files (x86)\DeskPins\DeskPins.exe [2004-5-2 62464]

    Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-4 28539232]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-24 1255736]

    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]

    S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-09-25 231752]

    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]

    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]

    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - NPF

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 21:28]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"

    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

    2012-12-05 04:12 1292360 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"

    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

    2012-12-05 04:12 1292360 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

    2012-12-05 04:12 1292360 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2012-11-13 23:32 162552 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 703088]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: Copy to Semagic - c:\program files (x86)\Semagic\copy.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

    IE: Semagic - c:\program files (x86)\Semagic\link.htm

    TCP: DhcpNameServer = 192.168.1.1

    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ksjai0i9.default\

    FF - ExtSQL: 2013-01-10 21:12; {40080c1e-d01b-475e-af49-b6d483c0d30e}; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ksjai0i9.default\extensions\{40080c1e-d01b-475e-af49-b6d483c0d30e}.xpi

    FF - ExtSQL: 2013-01-11 23:50; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ksjai0i9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    .

    **************************************************************************

    .

    Completion time: 2013-01-12 01:39:21 - machine was rebooted

    ComboFix-quarantined-files.txt 2013-01-12 07:39

    ComboFix2.txt 2013-01-12 06:15

    .

    Pre-Run: 181,898,809,344 bytes free

    Post-Run: 181,833,674,752 bytes free

    .

    - - End Of File - - E15824FC8451A90A914EF89F823A3A1F

    Trojan:JS/Medfos.B

    in Resolved Malware Removal Logs

    Posted

    Fast reply!

    I ran combofix -- after the computer restarted and the log popped up, every program refused to open until I restarted a second time. I was going to snap a picture of the exact error, but restarted first. (I blame the 18 hour work day.) It did claim that there was a system32 error something something. Everything seems to working well right now, though. I haven't had a pop-up from MSE so far, and I'm not getting the weird liveclick error I was getting before. (IE: On occasional times today/yesterday when I tried to open something from a google search I would get a reroute to a long URL mentioning liveclick. I also had a script error message pop-up regarding Chrome, while using firefox.)

    BUT, things seem to running alright so far.

    Trojan:JS/Medfos.B

    in Resolved Malware Removal Logs

    Posted

    Good evening. I've been getting a notification regarding the above mentioned trojan, and all the other "conventional" fixes have failed. Thanks.

    **

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16457

    Run by User at 21:24:09 on 2013-01-10

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2208 [GMT -6:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\taskhost.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\Program Files\Microsoft Security Client\NisSrv.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\IDT\WDM\sttray64.exe

    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Windows\System32\StikyNot.exe

    C:\Users\User\Local Settings\Apps\F.lux\flux.exe

    C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\DeskPins\DeskPins.exe

    C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\splwow64.exe

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    C:\Windows\system32\svchost.exe -k HPService

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    c:\Program Files\Microsoft Security Client\MpCmdRun.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    mWinlogon: Userinit = userinit.exe,

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

    uRun: [F.lux] "C:\Users\User\Local Settings\Apps\F.lux\flux.exe" /noshow

    uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect

    uRun: [3C315CB7C05A2A2BFAEAFA05AE1603CA95A938F0._service_run] "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DeskPins.lnk - C:\Program Files (x86)\DeskPins\DeskPins.exe

    StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm

    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    IE: Semagic - C:\Program Files (x86)\Semagic\link.htm

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{D099468F-9AF1-4FF9-ABDA-E949A32B8E62} : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{D099468F-9AF1-4FF9-ABDA-E949A32B8E62}\2516D61646160294E6E602F4E6D275966496023303 : DHCPNameServer = 192.168.182.1

    TCP: Interfaces\{D099468F-9AF1-4FF9-ABDA-E949A32B8E62}\2516D61646160294E6E602F4E6D275966496023323 : DHCPNameServer = 192.168.182.1

    TCP: Interfaces\{D099468F-9AF1-4FF9-ABDA-E949A32B8E62}\34C6572602C4566756C6 : DHCPNameServer = 199.27.160.10 199.27.165.10

    TCP: Interfaces\{D099468F-9AF1-4FF9-ABDA-E949A32B8E62}\C696E6B6379737 : DHCPNameServer = 97.64.183.164 97.64.209.37

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

    x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

    x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-Notify: igfxcui - igfxdev.dll

    x64-SSODL: WebCheck - <orphaned>

    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ksjai0i9.default\

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Users\User\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

    FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ksjai0i9.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll

    FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ksjai0i9.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: 2013-01-10 21:12; {40080c1e-d01b-475e-af49-b6d483c0d30e}; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ksjai0i9.default\extensions\{40080c1e-d01b-475e-af49-b6d483c0d30e}.xpi

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-5-24 21616]

    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2012-5-24 89600]

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-9-25 231752]

    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2012-5-24 60416]

    R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2012-5-24 80896]

    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2012-5-24 55808]

    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-24 2320920]

    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-5-24 27760]

    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-24 1255736]

    .

    =============== Created Last 30 ================

    .

    2013-01-11 03:12:57 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA4F9715-7B19-4E71-AB5F-8BFF5FB2BB73}\offreg.dll

    2013-01-11 02:15:26 -------- d-----w- C:\Users\User\AppData\Local\Programs

    2013-01-11 01:34:54 333824 ----a-w- C:\Users\User\AppData\Roaming\bragui.dll

    2013-01-11 01:34:31 626688 ----a-w- C:\Users\User\AppData\Roaming\weaprl.dll

    2013-01-10 20:51:12 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA4F9715-7B19-4E71-AB5F-8BFF5FB2BB73}\mpengine.dll

    2013-01-10 00:26:21 -------- d-----w- C:\Program Files (x86)\Audacity

    2013-01-10 00:22:58 -------- d-----w- C:\Windows\en

    2013-01-10 00:22:14 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

    2013-01-10 00:19:45 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

    2013-01-10 00:19:45 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll

    2013-01-10 00:19:45 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll

    2013-01-10 00:19:45 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

    2013-01-10 00:19:44 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll

    2013-01-10 00:19:44 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

    2013-01-10 00:19:43 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll

    2013-01-10 00:19:43 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll

    2013-01-10 00:19:06 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

    2013-01-10 00:19:06 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

    2013-01-10 00:18:09 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

    2013-01-10 00:18:09 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

    2013-01-10 00:16:29 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b9e0b7341cdeec704\DSETUP.dll

    2013-01-10 00:16:29 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b9e0b7341cdeec704\DXSETUP.exe

    2013-01-10 00:16:29 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b9e0b7341cdeec704\dsetup32.dll

    2013-01-10 00:16:23 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b614faf91cdeec703\DSETUP.dll

    2013-01-10 00:16:23 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b614faf91cdeec703\DXSETUP.exe

    2013-01-10 00:16:23 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b614faf91cdeec703\dsetup32.dll

    2013-01-10 00:16:17 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b3e0d4a71cdeec702\DSETUP.dll

    2013-01-10 00:16:17 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b3e0d4a71cdeec702\DXSETUP.exe

    2013-01-10 00:16:17 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b3e0d4a71cdeec702\dsetup32.dll

    2013-01-10 00:16:07 -------- d-----w- C:\Users\User\AppData\Local\Windows Live

    2013-01-10 00:15:51 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

    2013-01-09 06:45:38 424448 ----a-w- C:\Windows\System32\KernelBase.dll

    2013-01-09 04:26:31 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-12-24 14:51:00 -------- d-----w- C:\Windows\pss

    2012-12-22 09:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2012-12-22 09:00:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2012-12-22 09:00:34 367616 ----a-w- C:\Windows\System32\atmfd.dll

    2012-12-22 09:00:34 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-17 03:34:54 -------- d-----w- C:\Users\User\AppData\Local\NETGEARGenie

    2012-12-12 03:25:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-12-12 03:25:46 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-12-12 03:25:16 478208 ----a-w- C:\Windows\System32\dpnet.dll

    2012-12-12 03:25:16 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

    .

    ==================== Find3M ====================

    .

    2013-01-08 21:28:34 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-08 21:28:34 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-12-17 03:16:23 369168 ----a-w- C:\Windows\System32\wpcap.dll

    2012-12-17 03:16:22 35344 ----a-w- C:\Windows\System32\drivers\npf.sys

    2012-12-17 03:16:22 106000 ----a-w- C:\Windows\System32\packet.dll

    2012-12-17 03:16:21 96784 ----a-w- C:\Windows\SysWow64\packet.dll

    2012-12-17 03:16:21 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll

    2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll

    2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

    2012-11-06 03:02:57 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-11-06 03:02:57 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

    2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

    2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-10-25 09:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

    2012-10-25 09:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    .

    ============= FINISH: 21:24:45.66 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 5/23/2012 5:15:39 PM

    System Uptime: 1/10/2013 9:11:42 PM (0 hours ago)

    .

    Motherboard: Dell Inc. | | 0G939P

    Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | U2E1 | 1178/133mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 233 GiB total, 163.424 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

    Description: Photosmart D110 series

    Device ID: ROOT\MULTIFUNCTION\0000

    Manufacturer: HP

    Name: Photosmart D110 series

    PNP Device ID: ROOT\MULTIFUNCTION\0000

    Service:

    .

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

    Description: HP LaserJet Professional P1102w

    Device ID: ROOT\MULTIFUNCTION\0001

    Manufacturer: Hewlett-Packard

    Name: HP LaserJet Professional P1102w

    PNP Device ID: ROOT\MULTIFUNCTION\0001

    Service:

    .

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

    Description: Photosmart D110 series

    Device ID: ROOT\MULTIFUNCTION\0002

    Manufacturer: HP

    Name: Photosmart D110 series

    PNP Device ID: ROOT\MULTIFUNCTION\0002

    Service:

    .

    ==== System Restore Points ===================

    .

    RP103: 1/1/2013 6:32:28 PM - Windows Update

    RP104: 1/5/2013 9:51:07 AM - Windows Update

    RP105: 1/7/2013 10:40:32 PM - Installed QuickTime

    RP106: 1/8/2013 10:25:48 PM - Windows Update

    RP107: 1/9/2013 7:21:15 AM - Windows Update

    RP108: 1/9/2013 6:16:13 PM - Windows Live Essentials

    RP109: 1/9/2013 6:17:04 PM - Installed DirectX

    RP110: 1/9/2013 6:18:49 PM - Installed DirectX

    RP111: 1/9/2013 6:19:09 PM - Installed DirectX

    RP112: 1/9/2013 6:20:54 PM - WLSetup

    RP114: 1/10/2013 7:35:31 PM - Microsoft Antimalware Checkpoint

    RP115: 1/10/2013 8:08:02 PM - Removed Façade

    RP116: 1/10/2013 8:09:47 PM - Removed Splashtop Streamer

    RP117: 1/10/2013 8:10:36 PM - Removed Java 6 Update 31

    RP118: 1/10/2013 8:27:09 PM - Removed Java 7 Update 9

    .

    ==== Installed Programs ======================

    .

    64 Bit HP CIO Components Installer

    AccelerometerP11

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.3)

    Amazon Kindle

    Amazon MP3 Downloader 1.0.15

    Amazon Unbox Video

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Audacity 2.0.2

    Bonjour

    calibre

    Carbonite

    Coupon Printer for Windows

    CutePDF Writer 3.0

    D3DX10

    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

    DeskPins (remove only)

    Dropbox

    F.lux

    Façade

    Free RAR Extract Frog

    Hamster Free EbookConverter

    Hamster Free Video Converter

    HP Photosmart D110 All-In-One Driver 14.0 Rel. 7

    Hulu Desktop

    IDT Audio

    Intel® Management Engine Components

    iTunes

    LJ-SecInstall

    Malwarebytes Anti-Malware version 1.70.0.1100

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Groove MUI (English) 2010

    Microsoft Office InfoPath MUI (English) 2010

    Microsoft Office Office 32-bit Components 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Professional Plus 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared 32-bit MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Movie Maker

    Mozilla Firefox 18.0 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSVCRT110

    MSVCRT110_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    NaturalReaderFree

    NETGEAR Genie

    Network64

    Photo Common

    Photo Gallery

    Portal

    PrintConductor

    PS_AIO_07_D110_SW_Min

    QuickTime

    RICOH Media Driver ver.2.07.01.04

    Scan

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition

    Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition

    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition

    Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

    Semagic (remove only)

    Steam

    Toolbox

    TweetDeck

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553092)

    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

    Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition

    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

    VC80CRTRedist - 8.0.50727.6195

    VLC media player 2.0.1

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Photo Common

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    World of Goo

    .

    ==== End Of File ===========================

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.