Jump to content

ditchdoctor

Members
  • Posts

    18
  • Joined

  • Last visited

Reputation

0 Neutral
  1. It's gone. Everything is working great now. Computer boots up & runs faster also. Thanks for all of the help!
  2. While trying to uninstall ComboFix it's saying that windows cannot find Combofix. I tried to cut & paste it, type it myself with the space after the x & everything & it's still not working.
  3. Finished everything, found one infected file. C:\Users\Jonathon\Downloads\cnet2_BullzipPDFPrinter_4_0_0_463_zip.exe a variant of Win32/InstallCore.D application
  4. Everything went fine. My computer is running like normal now. No more redirecting issues. Here are the 2 requested logs. MBAM Log Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.28.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16540 Jonathon :: JONATHON-LAPTOP [administrator] 4/30/2013 5:01:40 PM mbam-log-2013-04-30 (17-01-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 272231 Time elapsed: 7 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Hijackthis Log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:14:05 PM, on 4/30/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe C:\windows\system32\igfxext.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files\CLink\McciTrayApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AVG\AVG2013\avgcfgex.exe C:\windows\Explorer.exe C:\windows\system32\NOTEPAD.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\windows\notepad.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\windows\system32\SearchFilterHost.exe C:\Users\Jonathon\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Z2400 Series\ezprint.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" O4 - HKLM\..\Run: [CLink_McciTrayApp] "C:\Program Files\CLink\McciTrayApp.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe O4 - HKCU\..\Run: [PhotoshopElements8SyncAgent] C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe O4 - Startup: Dropbox.lnk = Jonathon\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: CineForm Status.lnk = C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe O23 - Service: lxdq_device - - C:\windows\system32\lxdqcoms.exe O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- End of file - 11162 bytes
  5. Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 9 Adobe Photoshop.com Inspiration Browser Adobe Premiere Elements 9 Adobe Reader 9.1 Adobe Shockwave Player 12.0 Apple Application Support Apple Mobile Device Support Apple Software Update AVG 2013 Bing Bar Bonjour Bullzip PDF Printer 4.0.0.463 Business Contact Manager for Outlook 2007 SP2 CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.8 Canon Utilities EOS Utility Canon Utilities Original Data Security Tools Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities WFT Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CCleaner CenturyLink Help Compatibility Pack for the 2007 Office system Coupon Printer for Windows D3DX10 dcmsvc 1.0 Dropbox Elements 9 Organizer Elements STI Installer Facebook Plug-In FlextimePlayer1.0.2 For Win7 Garmin Communicator Plugin Garmin Training Center Garmin USB Drivers Google Chrome Google Earth Google SketchUp 7 Google Toolbar for Firefox Google Toolbar for Internet Explorer Google Update Helper GoPro CineForm Studio 1.1.0 GPL Ghostscript Lite 9.04 iCloud Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager IrfanView (remove only) iTunes Java 7 Update 21 Java Auto Updater Java 6 Update 14 Junk Mail filter update Label@Once 1.0 LeapFrog Connect LeapFrog Tag Plugin Lexmark Z2400 Series Magic DVD Copier V7.1.0 Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Messenger Companion Microsoft Application Error Reporting Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Accounting 2008 Microsoft Office Accounting 2008 Equifax Addin Microsoft Office Accounting 2008 Fixed Asset Manager Microsoft Office Accounting 2008 PayPal Addin Microsoft Office Accounting ADP Payroll Addin Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyPublisher MyToshiba NetZero Launcher Norton Internet Security OGA Notifier 2.0.0048.0 OpenOffice.org 3.2 PlayReady PC Runtime x86 Quickbooks Financial Center QuickTime Realtek 8136 8168 8169 Ethernet Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition SketchUp 8 Skype Launcher SmartSound Quicktracks for Premiere Elements 9.0 swMSM Synaptics Pointing Device Driver The Extractor Toshiba Application and Driver Installer TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Online Backup Toshiba Quality Application TOSHIBA Recovery Media Creator TOSHIBA Service Station TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA Supervisor Password TOSHIBA Value Added Package ToshibaRegistration Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) Utility Common Driver VoiceOver Kit Warner Bros. Digital Copy Manager WildTangent Games Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! BrowserPlus 2.9.2
  6. No issues running it. I don't appear to have any redirecting going on anymore. ComboFix 13-04-28.01 - Jonathon 04/29/2013 13:22:29.2.1 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1913.1237 [GMT -5:00] Running from: c:\users\Jonathon\Desktop\ComboFix.exe Command switches used :: c:\users\Jonathon\Desktop\CFScript.txt AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-29 ))))))))))))))))))))))))))))))) . . 2013-04-29 18:33 . 2013-04-29 18:33 -------- d-----w- c:\users\NEW\AppData\Local\temp 2013-04-29 18:33 . 2013-04-29 18:33 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-04-29 18:33 . 2013-04-29 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-29 04:30 . 2013-04-29 04:30 -------- d-----w- C:\_OTL 2013-04-29 03:25 . 2013-04-29 18:33 -------- d-----w- c:\users\Jonathon\AppData\Local\temp 2013-04-29 01:29 . 2013-04-29 01:29 -------- d-----w- c:\users\Jonathon\AppData\Roaming\Oracle 2013-04-28 18:44 . 2013-04-29 02:29 -------- d-----w- c:\users\Jonathon\AppData\Local\Garmin 2013-04-25 19:17 . 2013-04-25 19:17 -------- d-----w- c:\program files\Common Files\Java 2013-04-25 19:17 . 2013-04-04 10:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-23 21:56 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 19:15 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 19:14 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-10 19:14 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 19:14 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-10 19:14 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 19:14 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 19:14 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 19:13 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-03 02:47 . 2013-04-03 02:47 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-25 19:11 . 2013-01-02 03:34 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-25 19:11 . 2011-06-01 22:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-04 19:50 . 2010-05-30 00:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-14 21:20 . 2013-01-01 20:27 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-14 21:20 . 2013-01-01 20:27 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-01 15:32 . 2013-03-01 15:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-02-27 04:40 . 2013-02-27 04:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-02-14 08:52 . 2013-02-14 08:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-02-12 03:32 . 2013-03-20 20:54 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-08 09:37 . 2013-02-08 09:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-02-08 09:37 . 2013-02-08 09:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-02-08 09:37 . 2013-02-08 09:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Jonathon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Jonathon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Jonathon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408] "gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416] "PhotoshopElements8SyncAgent"="c:\program files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-06 1945536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672] "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256] "dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440] "lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040] "EzPrint"="c:\program files\Lexmark Z2400 Series\ezprint.exe" [2008-03-27 107176] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "CLink_McciTrayApp"="c:\program files\CLink\McciTrayApp.exe" [2011-08-20 1899520] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Jonathon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jonathon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CineForm Status.lnk - c:\program files\CineForm\Tools\GoProCineFormStatusViewer.exe [2011-10-20 152064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x] S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x] S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x] S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [x] S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x] S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}] 2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-29 14:37 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:28] . 2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:28] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local>;*.local TCP: DhcpNameServer = 204.215.43.3 209.26.88.31 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(2732) c:\users\Jonathon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . Completion time: 2013-04-29 13:34:50 ComboFix-quarantined-files.txt 2013-04-29 18:34 ComboFix2.txt 2013-04-29 03:25 . Pre-Run: 90,517,270,528 bytes free Post-Run: 90,218,795,008 bytes free . - - End Of File - - A9696DEB319A34D8290169D9124CEC27
  7. Gringo, I have finished that & once again it appears that the redirects have stopped. I've opened IE & Chrome & both are working like normal. I opened several different tabs, new windows & everything was fine.
  8. That didn't take long....after opening a few more with Chrome I was redirected here: click.sureonlinefind.com page
  9. It was in both IE & Chrome. I just finished the script & restart & everything appears to be working properly again. I opened several new browser tabs in both & they all went to the correct sites. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Jonathon\Desktop\cmd.bat deleted successfully. C:\Users\Jonathon\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Guest User: Jonathon ->Java cache emptied: 19118460 bytes User: NEW User: Public Total Java Files Cleaned = 18.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 41620 bytes User: Default User ->Flash cache emptied: 0 bytes User: Guest ->Flash cache emptied: 41620 bytes User: Jonathon ->Flash cache emptied: 42709 bytes User: NEW ->Flash cache emptied: 2836 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04282013_233019
  10. OTL logfile created on: 4/28/2013 10:54:50 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jonathon\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 31.08% Memory free 3.74 Gb Paging File | 2.00 Gb Available in Paging File | 53.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 223.27 Gb Total Space | 84.35 Gb Free Space | 37.78% Space Free | Partition Type: NTFS Computer Name: JONATHON-LAPTOP | User Name: Jonathon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jonathon\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.) PRC - C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro) PRC - C:\Program Files\CLink\McciTrayApp.exe (Alcatel-Lucent) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Garmin\gStart.exe (GARMIN Corp.) PRC - C:\Windows\System32\lxdqcoms.exe ( ) PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxdqserv.exe (Lexmark International, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Jonathon\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll () MOD - C:\Users\Jonathon\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Users\Jonathon\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Users\Jonathon\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Users\Jonathon\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.mshtml\90cd5ff2b1d4d11287ddea483d401985\Microsoft.mshtml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll () MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll () MOD - C:\Program Files\Adobe\Elements 9 Organizer\QtPlugins\imageformats\qjpeg4.dll () MOD - C:\Program Files\Adobe\Elements 9 Organizer\QtGui4.dll () MOD - C:\Program Files\Adobe\Elements 9 Organizer\QtCore4.dll () MOD - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll () MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll () MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll () MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll () MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll () MOD - C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll () MOD - C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll () ========== Services (SafeList) ========== SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (lxdq_device) -- C:\Windows\System32\lxdqcoms.exe ( ) SRV - (lxdqCATSCustConnectService) -- C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe () ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found DRV - (mbr) -- C:\ComboFix\mbr.sys File not found DRV - (catchme) -- C:\Users\Jonathon\AppData\Local\Temp\catchme.sys File not found DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{21E3C95E-752D-45C8-906F-FD0C08F6E88A}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\..\SearchScopes,DefaultScope = {21E3C95E-752D-45C8-906F-FD0C08F6E88A} IE - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\..\SearchScopes\{0826491D-31CF-4F44-B1A1-D471F1B1CA46}: "URL" = http://search.avg.com/route/?d=4dd8400a&v=7.4.22.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\..\SearchScopes\{21E3C95E-752D-45C8-906F-FD0C08F6E88A}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS359US359 IE - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jonathon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jonathon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jonathon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jonathon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\Jonathon\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/30 12:23:46 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jonathon\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jonathon\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jonathon\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Jonathon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Jonathon\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jonathon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: GardenPuzzle - Garden Planner = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbbmmnbhhejifmacegolomcmdggnfc\1_0\ CHR - Extension: Google Drive = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Bubble Shooter - Deluxe = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehebfpjkmkfjlfffcmnejglggpmpgclb\1.5_0\ CHR - Extension: Photo Zoom for Facebook = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\ CHR - Extension: Apple Shooter = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbcjjgkapdombcilbfbjapkbpnocbkcf\2.0.0_0\ CHR - Extension: The QR Code Generator = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\ CHR - Extension: Awesome Weather Widget [ANTP] = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc\2013.105.3.0_0\ CHR - Extension: Isoball 3 = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.3.0_0\ CHR - Extension: Anatomy Games = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbplkkegndhkgnendpdhcffamoplajga\1.8_0\ CHR - Extension: Anatomy Games = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbplkkegndhkgnendpdhcffamoplajga\1.8_0\.bak CHR - Extension: Autodesk Homestyler = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\ CHR - Extension: Evernote Web = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\ CHR - Extension: Awesome New Tab Page = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.107.6.0_0\ CHR - Extension: Google Mail Checker = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\ CHR - Extension: Ghostery = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\ CHR - Extension: Do It (Tomorrow) = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo\1.1.0_0\ CHR - Extension: Page Monitor = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd\3.2.10_0\ CHR - Extension: Weather Underground = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\ CHR - Extension: Gmail = C:\Users\Jonathon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/04/28 22:22:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLink_McciTrayApp] C:\Program Files\CLink\McciTrayApp.exe (Alcatel-Lucent) O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2400 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [lxdqmon.exe] C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba) O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-21-1673599703-80030922-3067972742-1001..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.) O4 - HKU\S-1-5-21-1673599703-80030922-3067972742-1001..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA) O4 - HKU\S-1-5-21-1673599703-80030922-3067972742-1001..\Run: [PhotoshopElements8SyncAgent] C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Jonathon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jonathon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1673599703-80030922-3067972742-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.243.228.22 137.118.1.32 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BC67D5C-BEB6-4261-B8EA-D692585E54CA}: DhcpNameServer = 66.243.228.22 137.118.1.32 O18 - Protocol\Handler\linkscanner - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/28 22:53:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonathon\Desktop\OTL.exe [2013/04/28 22:25:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/04/28 22:25:12 | 000,000,000 | ---D | C] -- C:\windows\temp [2013/04/28 22:25:12 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\temp [2013/04/28 22:06:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/04/28 22:06:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/04/28 22:06:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013/04/28 21:57:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/28 21:57:17 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013/04/28 21:56:03 | 005,060,730 | R--- | C] (Swearware) -- C:\Users\Jonathon\Desktop\ComboFix.exe [2013/04/28 21:33:37 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\Desktop\RK_Quarantine [2013/04/28 20:29:35 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Roaming\Oracle [2013/04/28 17:51:55 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{4296AA46-65C3-4EDB-99AC-317E810562E0} [2013/04/28 13:44:11 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\Garmin [2013/04/26 11:12:13 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{BA4D8F68-D54F-4946-A552-5855056FE044} [2013/04/25 21:12:42 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{4973E799-5C2D-4B77-A202-2D1C7EF6C26E} [2013/04/25 14:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/04/25 14:17:24 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013/04/25 14:17:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013/04/25 14:17:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe [2013/04/23 16:48:58 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{F217F35C-8249-4FC7-8D96-6E98D8DA1D2E} [2013/04/19 10:18:58 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{8850016F-91C9-4E08-A7E5-E05C7968B6D1} [2013/04/18 10:59:20 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{A4E6A325-89D9-4C74-A7AE-1F047B0523F1} [2013/04/11 10:50:29 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{96E95267-0D40-4FD2-8549-B244B0FBA71D} [2013/04/10 23:37:54 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013/04/10 23:37:52 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013/04/10 23:37:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013/04/10 23:37:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013/04/10 23:37:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013/04/10 23:37:51 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013/04/10 23:37:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013/04/10 23:37:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013/04/10 23:37:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013/04/10 23:37:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013/04/10 14:15:20 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2013/04/10 14:14:46 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2013/04/10 14:14:46 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2013/04/10 14:14:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll [2013/04/10 14:14:00 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll [2013/04/10 14:13:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll [2013/04/09 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{00D686B7-411B-491C-B053-1073682B1E2B} [2013/04/08 08:29:30 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{6977443E-5125-43CC-9AD0-186489811C81} [2013/04/05 10:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/04/05 10:43:31 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{5CF82E26-EADF-4B73-B35A-2DE01E68F63D} [2013/04/04 09:16:19 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{F0FC7A39-5055-4EA7-BB61-7642C8C39647} [2013/04/02 21:49:15 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe [2013/04/02 21:49:15 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll [2013/04/02 21:49:14 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll [2013/04/02 21:49:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2013/04/02 21:49:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2013/04/02 21:49:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe [2013/04/02 21:49:12 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe [2013/04/02 21:49:11 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013/04/02 21:49:10 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2013/04/02 21:49:10 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll [2013/04/02 21:49:10 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2013/04/02 21:49:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2013/04/02 21:49:10 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2013/04/02 21:49:09 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll [2013/04/02 21:49:09 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe [2013/04/02 21:49:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll [2013/04/02 21:49:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat [2013/04/02 21:49:06 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2013/04/02 21:49:06 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec [2013/04/02 21:49:06 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll [2013/04/02 21:49:06 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll [2013/04/02 21:49:05 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll [2013/04/02 21:49:05 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2013/04/02 21:49:05 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013/04/02 21:49:04 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013/04/02 21:49:04 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2013/04/02 21:47:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/04/02 21:47:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/04/02 21:47:58 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/04/02 21:47:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013/04/02 21:47:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013/04/02 21:47:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/04/02 21:47:57 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013/04/02 21:47:57 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013/04/02 21:47:57 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/04/02 21:47:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/04/02 21:47:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/04/02 21:47:56 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013/04/02 21:47:56 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013/04/02 21:47:56 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013/04/02 21:47:55 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013/04/02 21:47:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013/04/02 21:47:54 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll [2013/04/02 21:47:54 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013/04/02 21:47:53 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013/04/02 21:47:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013/04/02 21:47:52 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013/04/02 21:47:52 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013/04/02 21:47:51 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013/04/02 21:47:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2013/04/02 21:47:50 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [2013/04/01 19:28:44 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{DEBE0FDF-FBA7-4770-A9A5-329637F0017D} [2013/03/30 21:52:19 | 000,000,000 | ---D | C] -- C:\Users\Jonathon\AppData\Local\{F7E18321-6C54-49DA-825B-0AB3AEA481C7} [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/28 22:58:06 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/28 22:53:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathon\Desktop\OTL.exe [2013/04/28 22:22:03 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2013/04/28 22:08:04 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1673599703-80030922-3067972742-1001UA.job [2013/04/28 21:56:13 | 005,060,730 | R--- | M] (Swearware) -- C:\Users\Jonathon\Desktop\ComboFix.exe [2013/04/28 21:35:24 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/28 21:35:24 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/28 21:27:39 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/28 21:27:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/04/28 21:27:05 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys [2013/04/28 20:17:07 | 000,022,628 | ---- | M] () -- C:\Users\Jonathon\Documents\cc_20130428_201620 CC Backup 4 28 13.reg [2013/04/28 16:08:09 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1673599703-80030922-3067972742-1001Core.job [2013/04/25 14:11:10 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013/04/25 14:11:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013/04/22 17:05:20 | 001,089,012 | ---- | M] () -- C:\Users\Jonathon\Documents\michis ladder grocery shopping.pdf [2013/04/16 15:53:49 | 000,662,068 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/04/16 15:53:49 | 000,121,224 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/04/11 10:47:53 | 000,447,848 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013/04/07 07:52:19 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf [2013/04/05 10:53:11 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013/04/04 05:35:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013/04/04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013/04/04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe [2013/04/02 21:49:15 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe [2013/04/02 21:49:15 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll [2013/04/02 21:49:14 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll [2013/04/02 21:49:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2013/04/02 21:49:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2013/04/02 21:49:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe [2013/04/02 21:49:12 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe [2013/04/02 21:49:11 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013/04/02 21:49:10 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2013/04/02 21:49:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll [2013/04/02 21:49:10 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2013/04/02 21:49:10 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2013/04/02 21:49:10 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2013/04/02 21:49:09 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll [2013/04/02 21:49:09 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe [2013/04/02 21:49:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll [2013/04/02 21:49:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat [2013/04/02 21:49:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2013/04/02 21:49:06 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec [2013/04/02 21:49:06 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll [2013/04/02 21:49:06 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll [2013/04/02 21:49:05 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll [2013/04/02 21:49:05 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2013/04/02 21:49:05 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013/04/02 21:49:05 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf [2013/04/02 21:49:04 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013/04/02 21:49:04 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2013/04/02 21:47:58 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/04/02 21:47:58 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/04/02 21:47:58 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/04/02 21:47:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013/04/02 21:47:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013/04/02 21:47:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/04/02 21:47:57 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2013/04/02 21:47:57 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2013/04/02 21:47:57 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/04/02 21:47:57 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/04/02 21:47:57 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/04/02 21:47:56 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll [2013/04/02 21:47:56 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013/04/02 21:47:56 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2013/04/02 21:47:55 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2013/04/02 21:47:55 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll [2013/04/02 21:47:54 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll [2013/04/02 21:47:54 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll [2013/04/02 21:47:53 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2013/04/02 21:47:53 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2013/04/02 21:47:52 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2013/04/02 21:47:52 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2013/04/02 21:47:51 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2013/04/02 21:47:51 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2013/04/02 21:47:50 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/28 22:06:57 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013/04/28 22:06:57 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013/04/28 22:06:57 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013/04/28 22:06:57 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013/04/28 22:06:57 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013/04/28 20:16:44 | 000,022,628 | ---- | C] () -- C:\Users\Jonathon\Documents\cc_20130428_201620 CC Backup 4 28 13.reg [2013/04/22 17:05:02 | 001,089,012 | ---- | C] () -- C:\Users\Jonathon\Documents\michis ladder grocery shopping.pdf [2013/04/07 07:52:19 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf [2013/04/02 21:49:05 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf [2012/07/31 08:40:01 | 000,000,258 | RHS- | C] () -- C:\Users\Jonathon\ntuser.pol [2011/05/30 09:04:37 | 000,012,928 | -HS- | C] () -- C:\Users\Jonathon\AppData\Local\k53phh05m63xl61w50p78u3805prg [2011/05/30 09:04:37 | 000,001,334 | -HS- | C] () -- C:\ProgramData\k53phh05m63xl61w50p78u3805prg [2011/04/30 09:08:08 | 000,001,509 | ---- | C] () -- C:\Users\Jonathon\AppData\Roaming\A5CE.0B6 [2011/04/12 19:09:51 | 000,001,280 | -HS- | C] () -- C:\Users\Jonathon\AppData\Local\2665498950 [2010/04/29 19:34:07 | 000,003,584 | ---- | C] () -- C:\Users\Jonathon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/12 14:41:00 | 000,004,096 | -H-- | C] () -- C:\Users\Jonathon\AppData\Local\keyfile3.drm [2010/02/02 08:10:20 | 000,453,024 | ---- | C] () -- C:\Users\Jonathon\setup.exe [2010/02/02 08:09:26 | 135,558,563 | ---- | C] () -- C:\Users\Jonathon\openofficeorg1.cab [2010/02/02 08:09:06 | 010,177,536 | ---- | C] () -- C:\Users\Jonathon\openofficeorg32.msi [2009/12/30 15:05:30 | 000,000,238 | ---- | C] () -- C:\Users\Jonathon\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
  11. Well, after doing some more browsing online it appears I am still being redirected occasionally.
  12. I was having redirect issues from exploit.drop.9 Everything appears to be working normal now, new pages are opening up to correct websites ComboFix 13-04-28.01 - Jonathon 04/28/2013 22:10:20.1.1 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1913.1062 [GMT -5:00] Running from: c:\users\Jonathon\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\2665498950 c:\programdata\ras_0oed.pad c:\programdata\reyalpclv.pad c:\programdata\SPL10C2.tmp c:\programdata\SPL11FA.tmp c:\programdata\SPL1756.tmp c:\programdata\SPL2EC.tmp c:\programdata\SPL34A.tmp c:\programdata\SPL52EF.tmp c:\programdata\SPL532E.tmp c:\programdata\SPL581D.tmp c:\programdata\SPLCFA.tmp c:\programdata\SPLE10B.tmp c:\programdata\SPLEFE9.tmp c:\programdata\SPLF372.tmp c:\programdata\SPLF3C.tmp c:\programdata\SPLF9D8.tmp c:\programdata\SPLFAA3.tmp c:\programdata\SPLFBEA.tmp c:\programdata\SPLFE6B.tmp c:\programdata\SPLFFF0.tmp c:\users\Jonathon\AppData\Local\ktm.exe c:\users\Public\invokesi.exe . . ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-29 ))))))))))))))))))))))))))))))) . . 2013-04-29 01:29 . 2013-04-29 01:29 -------- d-----w- c:\users\Jonathon\AppData\Roaming\Oracle 2013-04-28 18:44 . 2013-04-29 02:29 -------- d-----w- c:\users\Jonathon\AppData\Local\Garmin 2013-04-25 19:17 . 2013-04-25 19:17 -------- d-----w- c:\program files\Common Files\Java 2013-04-25 19:17 . 2013-04-04 10:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-23 21:56 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 19:15 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 19:14 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-10 19:14 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 19:14 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-10 19:14 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 19:14 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 19:14 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 19:13 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-03 02:47 . 2013-04-03 02:47 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-25 19:11 . 2013-01-02 03:34 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-25 19:11 . 2011-06-01 22:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-04 19:50 . 2010-05-30 00:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-14 21:20 . 2013-01-01 20:27 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-14 21:20 . 2013-01-01 20:27 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-01 15:32 . 2013-03-01 15:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-02-27 04:40 . 2013-02-27 04:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-02-14 08:52 . 2013-02-14 08:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-02-12 03:32 . 2013-03-20 20:54 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-08 09:37 . 2013-02-08 09:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-02-08 09:37 . 2013-02-08 09:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-02-08 09:37 . 2013-02-08 09:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-02-08 09:37 . 2013-02-08 09:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Jonathon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Jonathon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Jonathon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408] "gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416] "PhotoshopElements8SyncAgent"="c:\program files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-06 1945536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512] "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984] "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672] "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256] "dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440] "lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040] "EzPrint"="c:\program files\Lexmark Z2400 Series\ezprint.exe" [2008-03-27 107176] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "CLink_McciTrayApp"="c:\program files\CLink\McciTrayApp.exe" [2011-08-20 1899520] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Jonathon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jonathon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CineForm Status.lnk - c:\program files\CineForm\Tools\GoProCineFormStatusViewer.exe [2011-10-20 152064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x] S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x] S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x] S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe [x] S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x] S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - TRUESIGHT *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}] 2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:28] . 2013-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 21:28] . 2013-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1673599703-80030922-3067972742-1001Core.job - c:\users\Jonathon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 23:06] . 2013-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1673599703-80030922-3067972742-1001UA.job - c:\users\Jonathon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 23:06] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local>;*.local TCP: DhcpNameServer = 66.243.228.22 137.118.1.32 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-28 22:25:09 ComboFix-quarantined-files.txt 2013-04-29 03:25 . Pre-Run: 90,762,878,976 bytes free Post-Run: 90,597,351,424 bytes free . - - End Of File - - 64FA4569E4CCCDE1BA716EEA45796B6D
  13. I have AVG 2013, I temporarily disabled it & started running ComboFix. It popped up that it detected Antivirus & Antispyware AVG 2011. How do I go about finding that to disable it?
  14. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Jonathon [Admin rights] Mode : Remove -- Date : 04/28/2013 21:38:51 | ARK || FAK || MBR | ¤¤¤ Bad processes : 4 ¤¤¤ [DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Jonathon\AppData\Local\Garmin\qfknpmwc.dll [x] -> UNLOADED [DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Jonathon\AppData\Local\{EA05F407-7897-49B8-AA2F-0B06D61DEFEC}\{7DF594EE-3235-4905-9E97-F26AE8FADE44}\kdpcoxvjb.dll [x] -> UNLOADED [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Jonathon\AppData\Local\{EA05F407-7897-49B8-AA2F-0B06D61DEFEC}\{7DF594EE-3235-4905-9E97-F26AE8FADE44}\kdpcoxvjb.dll [x] -> KILLED [TermProc] [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Jonathon\AppData\Local\Garmin\qfknpmwc.dll [x] -> KILLED [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : {7DF594EE-3235-4905-9E97-F26AE8FADE44} (rundll32 "C:\Users\Jonathon\AppData\Local\{EA05F407-7897-49B8-AA2F-0B06D61DEFEC}\{7DF594EE-3235-4905-9E97-F26AE8FADE44}\kdpcoxvjb.dll",DllRegisterServer) [-] -> DELETED [RUN][sUSP PATH] HKCU\[...]\Run : Garmin (RUNDLL32.EXE C:\Users\Jonathon\AppData\Local\Garmin\qfknpmwc.dll,lwngamnqwi) [x] -> DELETED [TASK][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> DELETED [TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Jonathon\AppData\Local\Temp\IHU2A5A.tmp.exe [x] -> DELETED [TASK][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543225L9SA00 +++++ --- User --- [MBR] fe010bc855da5228d96aff91eaf24da8 [bSP] faeb527e18b9aae1fff1dad991a62111 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228633 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471314432 | Size: 8341 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_04282013_02d2138.txt >> RKreport[1]_S_04282013_02d2137.txt ; RKreport[2]_D_04282013_02d2138.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.