Posts posted by Karthus
-
It was removed. Everything seems normal.
-
Here is ComboFix's log:
ComboFix 13-03-10.02 - Jonah 03/10/2013 11:28:56.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5853 [GMT -4:00]
Running from: c:\users\Jonah\Desktop\ComboFix.exe
Command switches used :: c:\users\Jonah\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\RealArcade\Installer\gamehouse.exe"
"c:\users\Ilana\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b"
"c:\users\Ilana\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdfdjgddgdfdegeddgfdhdedadidi\background.js"
"c:\users\Ilana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PL0AGISX\ZoolaGames_Setup[1].exe"
"c:\users\Ilana\AppData\Roaming\Mozilla\Firefox\Profiles\nu79b5fv.default\extensions\cgwuychagu@cgwuychagu.org.xpi"
"c:\users\Ilana\Downloads\GameHouse-Installer_am-draculalovekills_gamehouse_ (1).exe"
"c:\users\Ilana\Downloads\GameHouse-Installer_am-draculalovekills_gamehouse_ (2).exe"
"c:\users\Ilana\Downloads\GameHouse-Installer_am-draculalovekills_gamehouse_ (3).exe"
"c:\users\Ilana\Downloads\GameHouse-Installer_am-draculalovekills_gamehouse_.exe"
"c:\users\Ilana\Downloads\GameHouse-Installer_am-thetudors_gamehouse_.exe"
"c:\users\Ilana\Downloads\MInecraft.exe"
"c:\users\Ilana\Downloads\Minecraft_Setup.exe"
"c:\users\Jonah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\9bb9c4e-7bbd666e"
"c:\users\Jonah\AppData\Roaming\Mozilla\Firefox\Profiles\ltzf5who.default\extensions\cgwuychagu@cgwuychagu.org.xpi"
"c:\users\Jonah\Downloads\PFPortChecker.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Zoola Games Manager
c:\programdata\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe
c:\programdata\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.dll
c:\programdata\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.exe
c:\programdata\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.settings
c:\users\All Users\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe
c:\users\All Users\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.dll
c:\users\All Users\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.exe
c:\users\All Users\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.settings
.
.
((((((((((((((((((((((((( Files Created from 2013-02-10 to 2013-03-10 )))))))))))))))))))))))))))))))
.
.
2013-03-10 15:42 . 2013-03-10 15:42 -------- d-----w- c:\users\Ilana\AppData\Local\temp
2013-03-10 15:42 . 2013-03-10 15:42 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-03-10 15:42 . 2013-03-10 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-10 15:42 . 2013-03-10 15:42 -------- d-----w- c:\users\David\AppData\Local\temp
2013-03-10 15:42 . 2013-03-10 15:42 -------- d-----w- c:\users\Asher\AppData\Local\temp
2013-03-09 16:15 . 2013-03-09 16:15 -------- d-----w- c:\users\Jonah\AppData\Local\AVG Secure Search
2013-03-08 21:34 . 2013-03-08 21:34 -------- d-----w- c:\program files (x86)\ESET
2013-03-08 01:35 . 2013-03-08 21:12 138 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 00:07 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 00:07 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 21:21 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 21:21 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 21:21 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 21:21 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 21:21 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 21:21 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 21:21 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 21:21 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 21:21 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 21:21 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 21:21 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 21:21 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 21:07 . 2013-02-13 21:07 -------- d-----w- c:\users\Guest\AppData\Local\AVG SafeGuard toolbar
2013-02-09 16:48 . 2013-02-09 16:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 23:37 . 2013-01-23 00:31 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-14 00:08 . 2011-01-30 22:38 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-05 23:14 . 2013-02-05 23:14 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-05 23:14 . 2012-05-12 00:04 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-05 23:14 . 2011-04-16 19:19 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-13 21:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-28 00:04 . 2012-12-26 19:37 118112 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-12-25 22:26 . 2012-12-25 22:26 98304 ----a-r- c:\users\Jonah\AppData\Roaming\Microsoft\Installer\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}\python_icon.exe
2012-12-24 15:35 . 2012-12-24 15:35 8794192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-12-17 00:09 . 2012-12-15 19:04 96832 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-12-17 00:06 . 2012-06-09 19:35 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-12-17 00:05 . 2012-04-29 23:55 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-12-16 17:11 . 2012-12-21 00:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 00:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 22:32 . 2012-12-14 22:32 98304 ----a-r- c:\users\Jonah\AppData\Roaming\Microsoft\Installer\{526B1417-92C1-3737-8247-4ABC49CCC8E4}\python_icon.exe
2012-12-14 21:49 . 2012-12-31 21:58 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 01:28 . 2012-12-13 01:28 40960 ----a-r- c:\users\Jonah\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-12-13 01:28 . 2012-12-13 01:28 40960 ----a-r- c:\users\Jonah\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-20 02:38 . 2012-07-20 02:38 4024320 ----a-w- c:\program files (x86)\GUT466C.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8A86D350-37AB-410A-8531-7D1363F317B3}]
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll [bU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-02-18 1151152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Jonah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jonah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-01-24 22016]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-30 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-26 202296]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 21:11 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 02:44]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 02:44]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1021407475-3848029740-3315565179-1003Core.job
- c:\users\Asher\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 17:19]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1021407475-3848029740-3315565179-1003UA.job
- c:\users\Asher\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 17:19]
.
2013-02-22 c:\windows\Tasks\HPCeeScheduleForJonah.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jonah\AppData\Roaming\Mozilla\Firefox\Profiles\ltzf5who.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={C2444CE6-B122-4165-B266-37DDE8B3BA81}&mid=fde7185b62c747d6a95705cc22259942-398be26a01954a61f60114ddf5af937e9e3db655&lang=en&ds=AVG&pr=fr&d=2013-01-22 19:31&v=14.2.0.1&pid=safeguard&sg=1&sap=hp
FF - prefs.js: keyword.URL - hxxp://mysearch.avg.com/search?cid={C2444CE6-B122-4165-B266-37DDE8B3BA81}&mid=fde7185b62c747d6a95705cc22259942-398be26a01954a61f60114ddf5af937e9e3db655&lang=en&ds=AVG&pr=fr&d=2013-01-22 19:31&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q=
FF - ExtSQL: 2013-01-22 19:31; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-7-Zip - c:\users\Jonah\Desktop\Wom Files\lib\7-Zip\Uninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Portforward Static IP Address - c:\users\Jonah\Desktop\MC_Classic Files\Port Fowarding\PFStaticIP\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f8,f1,75,05,13,77,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,40,44,2f,77,85,bf,4f,a3,a1,d1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,40,44,2f,77,85,bf,4f,a3,a1,d1,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-10 11:46:51
ComboFix-quarantined-files.txt 2013-03-10 15:46
ComboFix2.txt 2013-03-08 01:13
.
Pre-Run: 750,789,992,448 bytes free
Post-Run: 750,727,688,192 bytes free
.
- - End Of File - - 4903851348288FF01F7BD9181E1A0A2E
My computer seems fine. There is nothing slow about it. However, I'm not too sure how to safely remove and create new backup sets.
-
Sorry for not posting yesterday. The ESET scanner had to be stopped, and a new one was started yesterday that took up the entire day.
Here is the ESET log:
C:\Program Files (x86)\RealArcade\Installer\gamehouse.exe a variant of Win32/InstallIQ application
C:\ProgramData\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe a variant of Win32/bProtector.A application
C:\ProgramData\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.dll probably a variant of Win32/bProtector.A application
C:\ProgramData\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.exe a variant of Win32/bProtector.A application
C:\Users\All Users\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe a variant of Win32/bProtector.A application
C:\Users\All Users\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.dll probably a variant of Win32/bProtector.A application
C:\Users\All Users\Zoola Games Manager\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\zoolamngr.exe a variant of Win32/bProtector.A application
C:\Users\Ilana\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b Win32/OpenCandy application
C:\Users\Ilana\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdfdjgddgdfdegeddgfdhdedadidi\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Ilana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PL0AGISX\ZoolaGames_Setup[1].exe Win32/InstallBrain.J application
C:\Users\Ilana\AppData\Roaming\Mozilla\Firefox\Profiles\nu79b5fv.default\extensions\cgwuychagu@cgwuychagu.org.xpi JS/Redirector.NCI trojan
C:\Users\Ilana\Downloads\GameHouse-Installer_am-draculalovekills_gamehouse_ (1).exe Win32/OpenCandy application
C:\Users\Ilana\Downloads\GameHouse-Installer_am-draculalovekills_gamehouse_ (2).exe Win32/OpenCandy application
C:\Users\Ilana\Downloads\GameHouse-Installer_am-draculalovekills_gamehouse_ (3).exe Win32/OpenCandy application
C:\Users\Ilana\Downloads\GameHouse-Installer_am-draculalovekills_gamehouse_.exe Win32/OpenCandy application
C:\Users\Ilana\Downloads\GameHouse-Installer_am-thetudors_gamehouse_.exe Win32/OpenCandy application
C:\Users\Ilana\Downloads\MInecraft.exe a variant of Win32/DomaIQ.A application
C:\Users\Ilana\Downloads\Minecraft_Setup.exe a variant of Win32/DomaIQ.A application
C:\Users\Jonah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\9bb9c4e-7bbd666e a variant of Java/JShrink.A application
C:\Users\Jonah\AppData\Roaming\Mozilla\Firefox\Profiles\ltzf5who.default\extensions\cgwuychagu@cgwuychagu.org.xpi JS/Redirector.NCI trojan
C:\Users\Jonah\Downloads\PFPortChecker.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\FEITLOMAN\Backup Set 2011-05-15 112951\Backup Files 2011-09-25 085800\Backup files 1.zip Win32/Adware.Yontoo application
G:\FEITLOMAN\Backup Set 2011-05-15 112951\Backup Files 2011-12-17 200001\Backup files 2.zip Win32/InstallCore.Gen application
G:\FEITLOMAN\Backup Set 2011-05-15 112951\Backup Files 2012-01-14 212013\Backup files 1.zip Win32/OpenCandy application
G:\FEITLOMAN\Backup Set 2011-05-15 112951\Backup Files 2012-01-21 202454\Backup files 1.zip Win32/OpenCandy application
G:\FEITLOMAN\Backup Set 2011-05-15 112951\Backup Files 2012-02-04 200001\Backup files 3.zip HTML/Fraud.BG trojan
G:\FEITLOMAN\Backup Set 2011-05-15 112951\Backup Files 2012-02-25 200001\Backup files 2.zip HTML/ScrInject.B.Gen virus
G:\FEITLOMAN\Backup Set 2011-05-15 112951\Backup Files 2012-02-25 200001\Backup files 5.zip a variant of Win32/InstallCore.BH application
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-03-03 200002\Backup files 10.zip Win32/OpenCandy application
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-03-03 200002\Backup files 11.zip Win32/OpenCandy application
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-03-03 200002\Backup files 13.zip HTML/ScrInject.B.Gen virus
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-03-03 200002\Backup files 20.zip Win32/Adware.Yontoo application
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-03-03 200002\Backup files 21.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-03-31 200003\Backup files 6.zip a variant of Java/JShrink.A application
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-05-12 215838\Backup files 6.zip a variant of Win32/Bundled.Toolbar.Ask application
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-05-19 215942\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask application
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-06-09 200003\Backup files 5.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-06-16 200003\Backup files 7.zip a variant of Win32/Adware.iBryte.C application
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-06-23 200003\Backup files 1.zip Win32/Adware.Bundlore application
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-06-23 200003\Backup files 4.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-03-03 200002\Backup Files 2012-07-17 162110\Backup files 1.zip Win32/SpeedUpMyPC application
G:\FEITLOMAN\Backup Set 2012-08-04 221811\Backup Files 2012-08-04 221811\Backup files 13.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-08-04 221811\Backup Files 2012-08-04 221811\Backup files 18.zip a variant of Java/JShrink.A application
G:\FEITLOMAN\Backup Set 2012-08-04 221811\Backup Files 2012-08-04 221811\Backup files 20.zip a variant of Win32/Bundled.Toolbar.Ask application
G:\FEITLOMAN\Backup Set 2012-08-04 221811\Backup Files 2012-08-04 221811\Backup files 21.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-08-04 221811\Backup Files 2012-09-29 200002\Backup files 2.zip a variant of Win32/Bundled.Toolbar.Ask application
G:\FEITLOMAN\Backup Set 2012-08-04 221811\Backup Files 2012-10-13 200004\Backup files 1.zip a variant of Win32/DomaIQ.A application
G:\FEITLOMAN\Backup Set 2012-08-04 221811\Backup Files 2012-11-24 200004\Backup files 1.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-08-04 221811\Backup Files 2012-11-24 200004\Backup files 5.zip a variant of Win32/Soft32Downloader.C application
G:\FEITLOMAN\Backup Set 2012-08-04 221811\Backup Files 2012-12-15 203500\Backup files 2.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-12-22 200002\Backup Files 2012-12-22 200002\Backup files 13.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-12-22 200002\Backup Files 2012-12-22 200002\Backup files 14.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-12-22 200002\Backup Files 2012-12-22 200002\Backup files 22.zip a variant of Java/JShrink.A application
G:\FEITLOMAN\Backup Set 2012-12-22 200002\Backup Files 2012-12-22 200002\Backup files 24.zip JS/Redirector.NCI trojan
G:\FEITLOMAN\Backup Set 2012-12-22 200002\Backup Files 2012-12-22 200002\Backup files 31.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-12-22 200002\Backup Files 2012-12-22 200002\Backup files 32.zip multiple threats
G:\FEITLOMAN\Backup Set 2012-12-22 200002\Backup Files 2013-01-06 160125\Backup files 4.zip JS/Redirector.NCI trojan
G:\FEITLOMAN\Backup Set 2012-12-22 200002\Backup Files 2013-01-19 200006\Backup files 5.zip a variant of Win32/Somoto.A application
-
I ran adwCleaner twice, and it froze up both times. I even renamed it to blah.exe, but it still ended up freezing up. (I was thinking of running it in safe mode, but I wanted to try all the anti-malware programs first.)
I ran a Malwarebytes scan, which came up clean.
I then ran the ESET online scan, which has so far found 21 pieces of malware. The scan has been going for 6 hours and has scanned over 480,000 files. It is still going; the progress bar has said 99% for the past few hours, and it is indeed going through all files very slowly and carefully. I'll post the logs about the infected files whenever this scan finishes. (Could be well into tomorrow at this rate.) I'll have to camp out by my computer for a while.
-
(Ignore this site moderators) I realized that when someone googles dhzixr.dll, this is the first google hit. If anyone else happens to google dhzixr.dll and comes across this page, the solution can be found here.
-
Thanks for your help thus far, CatByte. I was able to successfully run ComboFix in safe mode, and the .dll warning no longer pops up whenever I log into my account, which is good. Here is the ComboFix log:
ComboFix 13-03-07.02 - Jonah 03/07/2013 19:47:26.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.7313 [GMT -5:00]
Running from: c:\users\Jonah\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Brand Affinity Technologies
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\CustomActionOnInstall.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\CustomActionOnUnInstall.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\Fantapper RTF File.rtf
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.crx
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.xpi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\System.Net.Json.dll
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\users\Jonah\Documents\~WRL1468.tmp
c:\users\Jonah\Documents\pub918E.tmp
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AlotService
.
.
((((((((((((((((((((((((( Files Created from 2013-02-08 to 2013-03-08 )))))))))))))))))))))))))))))))
.
.
2013-03-08 00:57 . 2013-03-08 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-08 00:57 . 2013-03-08 00:57 -------- d-----w- c:\users\Asher\AppData\Local\temp
2013-03-08 00:57 . 2013-03-08 00:57 -------- d-----w- c:\users\Ilana\AppData\Local\temp
2013-03-08 00:57 . 2013-03-08 00:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-03-08 00:57 . 2013-03-08 00:57 -------- d-----w- c:\users\David\AppData\Local\temp
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 00:07 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 00:07 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 21:21 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 21:21 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 21:21 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 21:21 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 21:21 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 21:21 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 21:21 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 21:21 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 21:21 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 21:21 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 21:21 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 21:21 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 21:07 . 2013-02-13 21:07 -------- d-----w- c:\users\Guest\AppData\Local\AVG SafeGuard toolbar
2013-02-09 16:48 . 2013-02-09 16:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 23:37 . 2013-01-23 00:31 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-14 00:08 . 2011-01-30 22:38 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-05 23:14 . 2013-02-05 23:14 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-05 23:14 . 2012-05-12 00:04 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-05 23:14 . 2011-04-16 19:19 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-13 21:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-28 00:04 . 2012-12-26 19:37 118112 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-12-25 22:26 . 2012-12-25 22:26 98304 ----a-r- c:\users\Jonah\AppData\Roaming\Microsoft\Installer\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}\python_icon.exe
2012-12-24 15:35 . 2012-12-24 15:35 8794192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-12-17 00:09 . 2012-12-15 19:04 96832 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-12-17 00:06 . 2012-06-09 19:35 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-12-17 00:05 . 2012-04-29 23:55 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-12-16 17:11 . 2012-12-21 00:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 00:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 22:32 . 2012-12-14 22:32 98304 ----a-r- c:\users\Jonah\AppData\Roaming\Microsoft\Installer\{526B1417-92C1-3737-8247-4ABC49CCC8E4}\python_icon.exe
2012-12-14 21:49 . 2012-12-31 21:58 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 01:28 . 2012-12-13 01:28 40960 ----a-r- c:\users\Jonah\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-12-13 01:28 . 2012-12-13 01:28 40960 ----a-r- c:\users\Jonah\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-12-10 08:28 . 2012-12-10 08:28 127328 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-07-20 02:38 . 2012-07-20 02:38 4024320 ----a-w- c:\program files (x86)\GUT466C.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 23:37 1929392 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-02-18 1151152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Jonah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jonah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\ZOOLAG~1\23759~1.138\{16CDF~1\zoolamngr.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-01-24 22016]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-30 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-08 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-26 202296]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 21:11 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 02:44]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-19 02:44]
.
2013-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1021407475-3848029740-3315565179-1003Core.job
- c:\users\Asher\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 17:19]
.
2013-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1021407475-3848029740-3315565179-1003UA.job
- c:\users\Asher\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 17:19]
.
2013-02-22 c:\windows\Tasks\HPCeeScheduleForJonah.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jonah\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Jonah\AppData\Roaming\Mozilla\Firefox\Profiles\ltzf5who.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={C2444CE6-B122-4165-B266-37DDE8B3BA81}&mid=fde7185b62c747d6a95705cc22259942-398be26a01954a61f60114ddf5af937e9e3db655&lang=en&ds=AVG&pr=fr&d=2013-01-22 19:31&v=14.2.0.1&pid=safeguard&sg=1&sap=hp
FF - prefs.js: keyword.URL - hxxp://mysearch.avg.com/search?cid={C2444CE6-B122-4165-B266-37DDE8B3BA81}&mid=fde7185b62c747d6a95705cc22259942-398be26a01954a61f60114ddf5af937e9e3db655&lang=en&ds=AVG&pr=fr&d=2013-01-22 19:31&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q=
FF - ExtSQL: 2013-01-22 19:31; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f92a9fe4-2850-4198-b9d5-279880e49b16} - (no file)
URLSearchHooks-{f9bbf004-6e40-4019-8214-c43a37e1d058} - (no file)
BHO-{8A86D350-37AB-410A-8531-7D1363F317B3} - c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe
Wow6432Node-HKCU-Run-AROReminder - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Apps - c:\users\Jonah\AppData\Local\ATI\Apps\dhzixr.dll
WebBrowser-{F92A9FE4-2850-4198-B9D5-279880E49B16} - (no file)
AddRemove-7-Zip - c:\users\Jonah\Desktop\Wom Files\lib\7-Zip\Uninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Portforward Static IP Address - c:\users\Jonah\Desktop\MC_Classic Files\Port Fowarding\PFStaticIP\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f8,f1,75,05,13,77,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,40,44,2f,77,85,bf,4f,a3,a1,d1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,40,44,2f,77,85,bf,4f,a3,a1,d1,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2013-03-07 20:13:51 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-08 01:13
.
Pre-Run: 743,528,132,608 bytes free
Post-Run: 749,330,952,192 bytes free
.
- - End Of File - - C3BEC98D91DC24B1FC33EE17447A466E
I'm going to now follow the remainder of your directions.
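Added example (not part of the original post, and not code from ComboFix or Malwarebytes): the log above enumerates the machine's autostart points, and two entries are the ones that mattered, the AppInit_DLLs value loading zoolamngr.dll out of ProgramData (progra~3) and the orphaned HKCU Run value "Apps" that pointed at dhzixr.dll under AppData. The Python below parses those ComboFix line shapes and applies the heuristics a responder uses to pick them out of a long log: AppInit_DLLs populated at all, an autostart target that is a DLL rather than an executable, and a binary sitting in a user-writable directory. The sample lines are a constructed subset copied from the log above, not a full log; the regexes, rule set and severities are my own assumptions and do not reflect anything ComboFix itself computes.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a handful of autostart lines copied from the
# ComboFix log in the post above (Run keys, the AppInit_DLLs block, the
# Startup folder line and the orphaned Run values). Not a complete log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\ZOOLAG~1\23759~1.138\{16CDF~1\zoolamngr.dll
.
Dropbox.lnk - c:\users\Jonah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe
Wow6432Node-HKCU-Run-AROReminder - (no file)
Wow6432Node-HKCU-Run-Apps - c:\users\Jonah\AppData\Local\ATI\Apps\dhzixr.dll
'''

# Line shapes ComboFix uses for autostart entries (patterns are my own).
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[a-z]:\\[^"]+)"', re.I)
APPINIT = re.compile(r'^"(?P<name>AppInit_DLLs)"=(?P<path>[a-z]:\\\S+)', re.I)
DASH_ENTRY = re.compile(r'^(?P<name>\S+) - (?P<path>[a-z]:\\.+?)(?: \[[^\]]*\])?$', re.I)

# Locations an unprivileged user can write to; the adware on this machine
# lived in AppData and in ProgramData (8.3 alias progra~3).
USER_WRITABLE = re.compile(
    r'\\(?:users\\[^\\]+\\appdata|users\\public|programdata|progra~3|temp)\\', re.I)


@dataclass
class Finding:
    name: str
    path: str
    severity: str                 # 'high' or 'medium'
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (name, path) for every autostart line that names a file on disk."""
    for line in log_text.splitlines():
        line = line.strip()
        m = APPINIT.match(line) or RUN_VALUE.match(line) or DASH_ENTRY.match(line)
        if m:                      # '(no file)' orphans never match: no drive letter
            yield m.group('name'), m.group('path')


def classify(name, path):
    """Heuristic rules (my assumptions); returns (severity or None, reasons)."""
    severity, reasons = None, []
    if name.lower() == 'appinit_dlls':
        severity = 'high'
        reasons.append('AppInit_DLLs injects this DLL into every process that loads user32.dll')
    elif path.lower().endswith('.dll'):
        severity = 'high'
        reasons.append('autostart target is a DLL, not an executable (needs a host such as rundll32)')
    if USER_WRITABLE.search(path):
        severity = severity or 'medium'
        reasons.append('binary lives in a user-writable location (AppData/ProgramData/temp)')
    return severity, reasons


def triage(log_text):
    """Return one Finding per flagged autostart entry, in log order."""
    findings = []
    for name, path in parse_entries(log_text):
        severity, reasons = classify(name, path)
        if severity:
            findings.append(Finding(name, path, severity, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity.upper():6}] {f.name}: {f.path}')
        for r in f.reasons:
            print(f'         - {r}')
```

On the sample above it flags AppInit_DLLs and the "Apps" value as high and Dropbox.lnk as medium, and lets KSS, Skype and SPMTray through. The user-writable rule is a prompt for review rather than a verdict: Dropbox.exe under AppData\Roaming is legitimate, and SPMTray.exe passes only because it sits in Program Files, so a clean path says nothing about whether the program belongs on the machine.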
-
Certain programs running Java are very slow. I have also recently been prompted for a Java update. It will probably make sense to update it. Will it be a problem for trying to remove the malware, though?
-
The scan finished, and no malware was found. I was told no cleanup was required. It did create a system-log.txt and one for mbar, which I will post here.
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 8589185024, free: 6258749440
------------ Kernel report ------------
03/07/2013 16:11:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\amdsata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amdsata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800792d790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xfffffa800875c060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8007935790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa80087ed510
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800792b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xfffffa800875bb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8007930790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xfffffa8006d4aa30
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80084ef790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xfffffa80084dc060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006996790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000056\
Lower Device Object: 0xfffffa8006cf19c0
Lower Device Driver Name: \Driver\amdsata\
Driver name found: amdsata
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.07.14
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006996790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80069962c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006996790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006cf7b80, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xfffffa8006cf19c0, DeviceName: \Device\00000056\, DriverName: \Driver\amdsata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0077b6510, 0xfffffa8006996790, 0xfffffa80077c1090
Lower DeviceData: 0xfffff8a007d1bf50, 0xfffffa8006cf19c0, 0xfffffa8008a58e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3A74D0F8
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1927962624
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1928169472 Numsec = 25352192
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80084ef790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80084f2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80084ef790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80084e1870, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa80084dc060, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01029f690, 0xfffffa80084ef790, 0xfffffa80076d2790
Lower DeviceData: 0xfffff8a00e0d50e0, 0xfffffa80084dc060, 0xfffffa80077c5090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2AE3F
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1952149504
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 999501594624 bytes
Sector size: 512 bytes
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8007930790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007929800, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007930790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80085bb390, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8006d4aa30, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800792b790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006d60a40, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800792b790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800845c720, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa800875bb60, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8007935790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008758b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007935790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007903bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa80087ed510, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800792d790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008637880, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800792d790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800847f040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa800875c060, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2012\Chjw\84e4f3cee4f3c08a.dat" is sparse (flags = 32768)
Read File: File "c:\ProgramData\AVG2012\log\avgual.2013-02-25.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\AVG2012\log\avgual.2013-02-27.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\AVG2012\log\avgual.2013-02-28.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\AVG2012\log\avgual.2013-03-02.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\AVG2012\log\avgual.2013-03-03.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\AVG2012\log\avgual.2013-03-05.log" is compressed (flags = 1)
Done!
Scan finished
=======================================
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.07.14
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonah :: FEITLOMAN [administrator]
3/7/2013 5:26:41 PM
mbar-log-2013-03-07 (17-26-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 42890
Time elapsed: 1 hour(s), 14 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Okay, but should I abort the combofix scan?
-
-
Okay, will do. I have heard horror stories of people reducing their computers to paperweights with combofix. Are there any precautions I should take?
-
-
Avast Definitions is downloading. Once that's done, I'll begin the mbr scan. Thank you for assisting me, I'll post back with my results.
-
Hello. I originally posted my issue over here, but I was told to move to here where I could possibly have better luck. Here is what I had originally posted:
"Hello. Recently, whenever I log into my account on my computer, I receive a system error saying "Could not load C:\Users\Jonah\AppData\Local\ATI\APPS\dhzixr.dll"
I researched this, and figured out that dhzixr.dll is a malicious file, and most likely Malwarebytes went ahead and deleted it during the scan. However, the malware that I seem to have been infected with must have added the dll to my registry right after Malwarebytes got to it. In my ATI folder, I do not have an APPS folder. I was almost thinking of creating a new folder, and creating an empty file called dhzixr.dll to stop the warning prompt on each log in, but I wanted to solve the problem, not cover it up. My computer is Win7, it's a shared computer and this warning does not happen on anyone else's account on this computer. So, I'm here to ask you guys what is the smartest thing to do? Remove the dll from my registry (never used regedit.exe, I would need help with this)? Do a special type of scan? Spam some other forum with my problems? Any help would be appreciated. If you need any more information and/or specs, I would be happy to supply them. Thank you and have a nice day."
Anyways, here are my text files you wanted me to attach.
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/30/2011 3:43:29 PM
System Uptime: 3/6/2013 3:56:13 PM (1 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Phenom II X4 945 Processor | CPU 1 | 780/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 671.957 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.478 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
G: is FIXED (NTFS) - 931 GiB total, 453.378 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP299: 2/13/2013 7:00:25 PM - Windows Update
RP300: 2/18/2013 6:45:22 PM - Windows Backup
RP301: 2/23/2013 8:01:09 PM - Windows Backup
RP302: 2/27/2013 7:00:22 PM - Windows Update
RP303: 3/2/2013 8:00:15 PM - Windows Backup
.
==== Installed Programs ======================
.
Tools for .Net 3.5
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Professional CS6
Adobe Help Manager
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARO 2012
ATI Catalyst Install Manager
Audacity 1.2.6
AVG 2012
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blade
Bonjour
Build-a-lot 2
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 5.1
Canon MX890 series MP Drivers
Canon MX890 series User Registration
Canon My Printer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
CyberLink DVD Suite Deluxe
D3DX10
Dark Parables - Curse of Briar Rose
DFOLauncher
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Dropbox
DVD Menu Pack for HP MediaSmart Video
Easy Icon Maker
Elementals - The Magic Key
Escape Rosecliff Island
Fantapper Player
FATE
Final Drive Nitro
Finale NotePad 2008
foldit
Fraps
FreeBASIC 0.23.0
GameMaker 8.1
Git version 1.7.11-preview20120710
GitHub
GlassFish Server Open Source Edition 3.1.2.2
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Heroes of Hellas 2 - Olympia
HexChat (x64)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
Hulu Desktop
HydraVision
HyperCam 2
iCloud
iTunes
Jane Angel - Templar Mystery
Jar2Exe Wizard
Java 7 Update 13
Java Auto Updater
Java 6 Update 31
Java SE Development Kit 6 Update 26
JavaFX 2.1.1
Jawbone Updater
JetBrains dotPeek 1.0
Jewel Quest 3
Jewel Quest Solitaire 2
JSmooth 0.9.9-7
Junk Mail filter update
Kaspersky Security Scan
LabelPrint
LADSPA_plugins-win-0.4.15
LAME v3.98.3 for Audacity
League of Legends
LightScribe System Software
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Magic: The Gathering – Tactics
Malwarebytes Anti-Malware version 1.70.0.1100
MapleStory
McAfee Security Scan Plus
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Help Viewer 2.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft System CLR Types for SQL Server 2012
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Shell (Integrated) - ENU
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Integrated)
Microsoft Visual Studio 2012 Shell (Isolated)
Microsoft Visual Studio 2012 Shell (Isolated) Resources
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Platform Installer 3.0
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Miro Video Converter
MobileMe Control Panel
Moonbase Commander
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Game Long Name
Myst V End Of Ages
Mystery Novel
NetBeans IDE 7.2.1
Nexon Game Manager
NVIDIA PhysX
Pando Media Booster
PDF Settings CS6
Penguins!
PhotoNow!
PictureMover
Pidgin
Plants vs. Zombies
PlayReady PC Runtime amd64
Poker Superstars III
Polar Bowler
Polar Golfer
Portal 2
Portal: First Slice
Portforward Static IP Address 1.0.47
Power2Go
PowerDirector
Project64 1.6
Python 2.7.3
Python 3.3.0
Python Tools for Visual Studio 2012
Q.U.B.E. Demo
QuickTime
Ralink RT2860 Wireless LAN Card
Realm of the Mad God
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Safari
Samantha Swift and the Hidden Roses of Athena
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
SharpKit
Shutter Island
Sid Meier's Civilization 4
Sid Meier's Civilization IV Colonization
Sid Meier's Civilization V - Demo
Skype™ 6.1
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Steam
System Requirements Lab CYRI
Team Fortress 2
Telerik Control Panel
Telerik JustDecompile Q2 2012
The Battle for Middle-earth
TI Connect 1.6
Update for (KB2504637)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2012 (KB2781514)
Vectorian Giotto 3.0.0
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
WD SmartWare
Web Games Player Plugin
Wheel of Fortune 2
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile® Device Handbook
Wizard101
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/5/2013 5:17:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.
.
==== End Of File ===========================
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2
Run by Jonah at 16:14:09 on 2013-03-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5571 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Ilana\AppData\LocalLow\alotservice\alotservice.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\Jonah\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uURLSearchHooks: {f92a9fe4-2850-4198-b9d5-279880e49b16} - <orphaned>
uURLSearchHooks: {f9bbf004-6e40-4019-8214-c43a37e1d058} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [sPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
uRun: [AROReminder] <no file>
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jonah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jonah\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{983DAAE4-5FFD-466E-B9A9-2B9CB4B070C9} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\zoolag~1\23759~1.138\{16cdf~1\zoolam~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jonah\AppData\Roaming\Mozilla\Firefox\Profiles\ltzf5who.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={C2444CE6-B122-4165-B266-37DDE8B3BA81}&mid=fde7185b62c747d6a95705cc22259942-398be26a01954a61f60114ddf5af937e9e3db655&lang=en&ds=AVG&pr=fr&d=2013-01-22 19:31:06&v=14.2.0.1&pid=safeguard&sg=1&sap=hp
FF - prefs.js: keyword.URL - hxxp://mysearch.avg.com/search?cid={C2444CE6-B122-4165-B266-37DDE8B3BA81}&mid=fde7185b62c747d6a95705cc22259942-398be26a01954a61f60114ddf5af937e9e3db655&lang=en&ds=AVG&pr=fr&d=2013-01-22 19:31:06&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-22 19:31; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-22 39768]
R2 AlotService;ALOT Update Service;C:\Users\Ilana\AppData\LocalLow\alotservice\alotservice.exe [2012-10-2 255880]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-21 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-1-21 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-9-21 852256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-21 346144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-21 38456]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;C:\Windows\System32\drivers\libusb0.sys [2011-1-24 22016]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-30 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\vcsexpress.exe="C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\vcsexpress.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-03-05 22:41:57 -------- d-----w- C:\Users\Jonah\AppData\Local\{B4A20A0C-5AB9-4FC9-BFA2-509BDC5524BC}
2013-03-03 17:08:47 -------- d-----w- C:\Users\Jonah\AppData\Local\{E9E52506-617C-4672-A30A-F94A534E25AD}
2013-03-02 15:32:51 -------- d-----w- C:\Users\Jonah\AppData\Local\{B0327CEA-B950-4034-89F1-09C8354CD570}
2013-02-27 22:42:09 -------- d-----w- C:\Users\Jonah\AppData\Local\{DB1DF7C9-833A-4864-924E-E14EFF1080D4}
2013-02-27 01:29:55 -------- d-----w- C:\Users\Jonah\AppData\Local\{11766572-A75D-4669-AF28-300242390A54}
2013-02-26 02:44:19 -------- d-----w- C:\Users\Jonah\AppData\Local\{51EEF78B-F921-43BF-A4E1-37043893388D}
2013-02-24 19:40:12 -------- d-----w- C:\Users\Jonah\AppData\Local\{EBF293E7-1BF3-4344-BEB7-177194D60E7B}
2013-02-23 20:50:53 -------- d-----w- C:\Users\Jonah\AppData\Local\{F6ACAF28-0013-48B3-B70F-E5E2A2EA24DC}
2013-02-22 00:51:03 -------- d-----w- C:\Users\Jonah\AppData\Local\{C6B24081-2B4A-470E-BFC3-561250221E63}
2013-02-20 20:55:54 -------- d-----w- C:\Users\Jonah\AppData\Local\{08359B9A-8719-44CE-A314-75206E9EABFA}
2013-02-19 20:24:56 -------- d-----w- C:\Users\Jonah\AppData\Local\{5B4EDA12-84C5-4026-BE67-976BEEE10438}
2013-02-19 01:28:18 -------- d-----w- C:\Users\Jonah\AppData\Local\{5987FACC-776F-4792-BC29-71A379A6081F}
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 22:23:09 -------- d-----w- C:\Users\Jonah\AppData\Local\{D7FA2ACE-FCAD-411C-9495-9A601D393391}
2013-02-14 00:07:16 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 00:07:16 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 21:21:55 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 21:21:51 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 21:21:47 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 21:21:46 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 21:21:35 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 21:21:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 21:21:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 21:21:34 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 21:21:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 21:21:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 21:21:13 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 21:21:12 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 21:18:14 -------- d-----w- C:\Users\Jonah\AppData\Local\{B8F6320D-3E26-49E2-9E70-882B0D501BDC}
2013-02-12 19:47:57 -------- d-----w- C:\Users\Jonah\AppData\Local\{8C885197-B190-41EE-AB38-FF96A6190CE4}
2013-02-11 22:54:54 -------- d-----w- C:\Users\Jonah\AppData\Local\{E9238DCD-3E96-4300-A8B7-F5D72B95264C}
2013-02-10 18:30:11 -------- d-----w- C:\Users\Jonah\AppData\Local\{21912B9C-0B95-4E14-BC15-1E7C0ED5F47D}
2013-02-09 17:06:10 -------- d-----w- C:\Users\Jonah\AppData\Local\{4006C64C-15B9-4B7F-8449-329DCE5F2FE3}
2013-02-08 19:32:59 -------- d-----w- C:\Users\Jonah\AppData\Local\{AB2CA17A-1A8F-44F1-9765-D3D515999EE9}
2013-02-08 01:06:00 -------- d-----w- C:\Users\Jonah\AppData\Local\{2EBA959D-DCB6-4699-BAA6-8C22D236814C}
2013-02-06 16:49:53 -------- d-----w- C:\Users\Jonah\AppData\Local\{E513CFC2-52D5-4CFB-A840-1B0B60F0085C}
2013-02-05 23:41:30 -------- d-----w- C:\Users\Jonah\AppData\Roaming\.spoutcraft
2013-02-05 23:14:36 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-05 19:13:52 -------- d-----w- C:\Users\Jonah\AppData\Local\{AE9B24FE-F86D-441F-B331-735B8587C873}
2013-02-05 02:16:33 -------- d-----w- C:\Users\Jonah\AppData\Local\{87C9CCCF-E141-4126-838B-C6B8AE17C142}
.
==================== Find3M ====================
.
2013-02-18 23:37:56 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-02-05 23:14:28 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-05 23:14:28 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-10 08:28:34 127328 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-07-20 02:38:16 4024320 ----a-w- C:\Program Files (x86)\GUT466C.tmp
.
============= FINISH: 16:16:08.10 ===============
Thanks in advance for looking at this.
-
Thanks for the help. I'll try over there.
-
Hello. Recently, whenever I log into my account on my computer, I receive a system error saying "Could not load C:\Users\Jonah\AppData\Local\ATI\APPS\dhzixr.dll".
I researched this and figured out that dhzixr.dll is a malicious file, and most likely Malwarebytes went ahead and deleted it during the scan. However, the malware that I seem to have been infected with must have added the dll to my registry right after Malwarebytes got to it. In my ATI folder, I do not have an APPS folder. I was almost thinking of creating a new folder and creating an empty file called dhzixr.dll to stop the warning prompt on each log in, but I wanted to solve the problem, not cover it up. My computer is Win7; it's a shared computer, and this warning does not happen on anyone else's account on this computer. So, I'm here to ask you guys: what is the smartest thing to do? Remove the dll from my registry (I've never used regedit.exe, so I would need help with this)? Do a special type of scan? Spam some other forum with my problems? Any help would be appreciated. If you need any more information and/or specs, I would be happy to supply them. Thank you and have a nice day.
dhzixr.dll
in Resolved Malware Removal Logs
Posted
Everything has been uninstalled. My browser no longer has Java on. I'm backing up my files right now. Thanks a lot for your help, CatByte!