csingh07's Content - Malwarebytes Forums

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

There were no threats, so I did not have any contents to save. I had to load this in safe mode, however, because I kept getting the blue screen of death when I tried to install this during a normal windows session. I don't know if it is because it is conflicting with my current kaspersky protection or if something else is going on...

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

That's all that's on my combofix log file...

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

ComboFix 13-08-14.02 - Chris 08/14/2013 18:27:37.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3233 [GMT -5:00] Running from: C:\Users\Chris\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\ProgramData\PCDr\6280\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll C:\Users\Chris\AppData\Local\Temp\_MEI22442\_ctypes.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\_elementtree.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\_hashlib.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\_multiprocessing.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\_socket.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\_ssl.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\pyexpat.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\pysqlite2._sqlite.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\python27.dll C:\Users\Chris\AppData\Local\Temp\_MEI22442\pythoncom27.dll C:\Users\Chris\AppData\Local\Temp\_MEI22442\PyWinTypes27.dll C:\Users\Chris\AppData\Local\Temp\_MEI22442\select.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\unicodedata.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32api.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32com.shell.shell.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32crypt.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32event.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32file.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32inet.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32pdh.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32process.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32profile.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32security.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\win32ts.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\windows._cacheinvalidation.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\wx._controls_.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\wx._core_.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\wx._gdi_.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\wx._html2.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\wx._misc_.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\wx._windows_.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\wx._wizard.pyd C:\Users\Chris\AppData\Local\Temp\_MEI22442\wxbase294u_net_vc90.dll C:\Users\Chris\AppData\Local\Temp\_MEI22442\wxbase294u_vc90.dll C:\Users\Chris\AppData\Local\Temp\_MEI22442\wxmsw294u_adv_vc90.dll C:\Users\Chris\AppData\Local\Temp\_MEI22442\wxmsw294u_core_vc90.dll C:\Users\Chris\AppData\Local\Temp\_MEI22442\wxmsw294u_html_vc90.dll C:\Users\Chris\AppData\Local\Temp\_MEI22442\wxmsw294u_webview_vc90.dll ((((((((((((((((((((((((( Files Created from 2013-07-14 to 2013-08-14 ))))))))))))))))))))))))))))))) 2013-08-14 23:33:48 . 2013-08-14 23:33:48 -------- d-----w- C:\Users\Mcx1-CHRIS-DELLPC\AppData\Local\temp 2013-08-14 23:33:48 . 2013-08-14 23:33:48 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-08-13 02:57:56 . 2009-01-25 18:14:02 17272 ----a-w- C:\Windows\system32\sdnclean64.exe 2013-08-13 02:57:52 . 2013-08-13 02:59:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-10 01:56:11 . 2013-07-02 08:34:27 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{181712E6-3D99-4C53-913E-72C2E7035F1C}\mpengine.dll 2013-08-02 22:08:13 . 2013-08-02 22:08:13 -------- d-----w- C:\Windows\ERUNT 2013-08-01 13:35:53 . 2013-08-01 13:35:53 -------- d-----w- C:\Program Files (x86)\ESET 2013-07-30 15:53:00 . 2013-07-30 15:53:05 -------- d-----w- C:\Program Files (x86)\WOW Slider 2013-07-30 02:31:04 . 2013-07-30 02:31:04 388096 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-07-30 02:31:04 . 2013-07-30 02:31:04 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-07-23 07:46:19 . 2013-07-23 07:46:19 0 ----a-w- C:\Windows\system32\olepro32.DLL 2013-07-23 07:46:19 . 2013-07-23 07:46:19 0 ----a-w- C:\Windows\system32\MSVBVM60.DLL 2013-07-23 07:46:18 . 2013-07-23 07:46:18 0 ----a-w- C:\Windows\system32\igdumdx32.dll 2013-07-23 07:46:18 . 2013-07-23 07:46:18 0 ----a-w- C:\Windows\system32\igdumd32.dll 2013-07-23 07:46:18 . 2013-07-23 07:46:18 0 ----a-w- C:\Windows\system32\igd10umd32.dll 2013-07-23 07:19:15 . 2012-07-27 02:02:02 173504 ----a-w- C:\Windows\system32\drivers\tmcomm.sys 2013-07-20 18:06:15 . 2013-07-20 18:08:37 -------- d-----w- C:\Windows\system32\MRT 2013-07-17 02:05:55 . 2013-07-17 02:05:55 -------- d-----w- C:\Riot Games 2013-07-17 02:04:33 . 2013-07-17 02:06:26 -------- d-----w- C:\Users\Chris\AppData\Roaming\Riot Games . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-06-24 05:57:12 . 2011-12-08 01:38:46 78277128 ----a-w- C:\Windows\system32\MRT.exe 2013-06-20 02:42:59 . 2012-06-08 17:38:10 54368 ----a-w- C:\Windows\system32\drivers\kltdi.sys 2013-06-11 23:57:11 . 2012-04-04 23:09:55 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-11 23:57:11 . 2011-10-08 17:33:04 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-11 23:43:37 . 2013-07-13 20:52:09 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-11 23:43:00 . 2013-07-13 20:52:10 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 . 2013-07-13 20:52:12 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 . 2013-07-13 20:52:12 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-06-11 23:26:36 . 2013-07-13 20:52:12 51712 ----a-w- C:\Windows\system32\ie4uinit.exe 2013-06-11 23:26:20 . 2013-07-13 20:52:08 2241024 ----a-w- C:\Windows\system32\wininet.dll 2013-06-11 23:26:13 . 2013-07-13 20:52:10 1365504 ----a-w- C:\Windows\system32\urlmon.dll 2013-06-11 23:25:30 . 2013-07-13 20:52:06 19238912 ----a-w- C:\Windows\system32\mshtml.dll 2013-06-11 23:25:29 . 2013-07-13 20:52:11 603136 ----a-w- C:\Windows\system32\msfeeds.dll 2013-06-11 23:25:16 . 2013-07-13 20:52:11 855552 ----a-w- C:\Windows\system32\jscript.dll 2013-06-11 23:25:16 . 2013-07-13 20:52:11 3958784 ----a-w- C:\Windows\system32\jscript9.dll 2013-06-11 23:25:16 . 2013-07-13 20:52:09 53248 ----a-w- C:\Windows\system32\jsproxy.dll 2013-06-11 23:25:13 . 2013-07-13 20:52:13 526336 ----a-w- C:\Windows\system32\ieui.dll 2013-06-11 23:25:13 . 2013-07-13 20:52:12 67072 ----a-w- C:\Windows\system32\iesetup.dll 2013-06-11 23:25:13 . 2013-07-13 20:52:12 39936 ----a-w- C:\Windows\system32\iernonce.dll 2013-06-11 23:25:13 . 2013-07-13 20:52:12 2648576 ----a-w- C:\Windows\system32\iertutil.dll 2013-06-11 23:25:13 . 2013-07-13 20:52:12 136704 ----a-w- C:\Windows\system32\iesysprep.dll 2013-06-11 23:25:13 . 2013-07-13 20:52:07 15404032 ----a-w- C:\Windows\system32\ieframe.dll 2013-06-11 22:51:45 . 2013-07-13 20:52:12 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 . 2013-07-13 20:52:12 89600 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe 2013-06-07 03:22:18 . 2013-07-13 20:52:13 2706432 ----a-w- C:\Windows\system32\mshtml.tlb 2013-06-07 02:37:52 . 2013-07-13 20:52:13 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-05 03:34:27 . 2013-07-11 02:09:21 3153920 ----a-w- C:\Windows\system32\win32k.sys 2013-06-04 06:00:13 . 2013-07-11 02:09:03 624128 ----a-w- C:\Windows\system32\qedit.dll 2013-06-04 04:53:07 . 2013-07-11 02:09:03 509440 ----a-w- C:\Windows\SysWow64\qedit.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36:40 130736 ----a-w- C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36:40 130736 ----a-w- C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36:40 130736 ----a-w- C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe" [2013-06-07 04:57:24 19676256] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-06-21 14:58:32 19875432] "Akamai NetSession Interface"="C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 06:01:52 4489472] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 15:39:14 503942] "RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 10:33:58 240112] "AccuWeatherWidget"="C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 23:18:16 885760] "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 16:18:54 1185112] "AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-12-06 01:01:15 356376] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 12:32:50 253816] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 02:43:52 59720] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576] "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2013-05-01 08:59:04 421888] "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 16:56:02 152392] "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 21:26:58 1073312] "SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 16:19:26 5624784] C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968] Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2013-6-26 389016] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [x] R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe;C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys;C:\Windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys;C:\Windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 epmntdrv;epmntdrv;C:\Windows\system32\epmntdrv.sys;C:\Windows\SYSNATIVE\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;C:\Windows\system32\EuGdiDrv.sys;C:\Windows\SYSNATIVE\EuGdiDrv.sys [x] R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe;C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [x] R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys;C:\Windows\SYSNATIVE\drivers\Impcd.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys;C:\Windows\SYSNATIVE\drivers\intelaud.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\system32\DRIVERS\PcaSp60.sys;C:\Windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;C:\Windows\system32\DRIVERS\point64.sys;C:\Windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys;C:\Windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x] S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys;C:\Windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys;C:\Windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;C:\Windows\system32\DRIVERS\kltdi.sys;C:\Windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;C:\Windows\system32\DRIVERS\kneps.sys;C:\Windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys;C:\Windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys;C:\Windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\system32\drivers\btmaud.sys;C:\Windows\SYSNATIVE\drivers\btmaud.sys [x] S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys;C:\Windows\SYSNATIVE\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys;C:\Windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys;C:\Windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys;C:\Windows\SYSNATIVE\DRIVERS\easytthr.sys [x] S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys;C:\Windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys;C:\Windows\SYSNATIVE\DRIVERS\iwdbus.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\system32\DRIVERS\klkbdflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-13 02:40:40 1173456 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe Contents of the 'Scheduled Tasks' folder 2013-08-14 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:09:55 . 2013-06-11 23:57:11] 2013-08-14 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 14:40:00 . 2012-05-06 14:39:59] 2013-08-14 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 14:40:00 . 2012-05-06 14:39:59] 2013-08-14 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789552693-1038001729-2592716076-1000Core.job - C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 04:13:07 . 2012-04-08 04:13:05] 2013-08-14 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789552693-1038001729-2592716076-1000UA.job - C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 04:13:07 . 2012-04-08 04:13:05] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36:40 164016 ----a-w- C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36:40 164016 ----a-w- C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36:40 164016 ----a-w- C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36:40 164016 ----a-w- C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-06-07 04:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-07 04:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-07 04:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-06-07 04:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-06-07 04:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-06-07 04:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 23:48:58 6611048] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-04-08 00:27:02 167256] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-04-08 00:26:50 391512] "Persistence"="C:\Windows\system32\igfxpers.exe" [2011-04-08 00:26:58 415064] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2011-04-12 23:19:54 609144] "IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 01:51:58 1935120] "BTMTrayAgent"="C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 06:16:30 10365952] "IntelTBRunOnce"="wscript.exe" [2009-07-14 01:39:57 168960] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 01:50:00 2726728] "IntelliType Pro"="c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 22:35:26 1464984] "IntelliPoint"="c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 22:35:26 2075288] "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 11:09:46 446392] ------- Supplementary Scan ------- uLocal Page = C:\Windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Notify-SDWinLogon - SDWinLogon.dll AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

I have noticed this is not only for google sites. I will sometimes visit other sites I trust and I get these "unsecure connection" warnings

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

Things still aren't working right. Google sites are still not loading and I keep getting this randomly when I go to google sites: This Connection is Untrusted You have asked Firefox to connect securely to play.google.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.3.0 (08.02.2013:1) OS: Windows 7 Home Premium x64 Ran by Chris on Fri 08/02/2013 at 17:08:17.85 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Chris\AppData\Roaming\opencandy" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{7ED25F6A-B1EA-4EC1-8E46-B1F5B66456E5} Successfully deleted: [Empty Folder] C:\Users\Chris\appdata\local\{A1D21D6C-76BB-4E60-8F95-1DD5A998B66C} ~~~ FireFox Emptied folder: C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\cn055jv3.default\minidumps [168 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 08/02/2013 at 17:23:51.11 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 21:46:22 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Chris - CHRIS-DELLPC # Boot Mode : Normal # Running from : C:\Users\Chris\Downloads\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\cn055jv3.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [1036 octets] - [02/08/2013 21:45:28] AdwCleaner[s1].txt - [973 octets] - [02/08/2013 21:46:22] ########## EOF - C:\AdwCleaner[s1].txt - [1032 octets] ##########

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

Unfortunately still not as well as they could be. There are certain pages on google that refuse to load which load just fine on my other computer. At least now, it is able to make google searches which is a step up!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

ComboFix 13-07-30.05 - Chris 07/30/2013 22:49:28.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.2920 [GMT -5:00] Running from: c:\users\Chris\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\6280\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll c:\programdata\Roaming c:\users\Chris\AppData\Local\Temp\_MEI24202\_ctypes.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\_elementtree.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\_hashlib.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\_multiprocessing.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\_socket.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\_ssl.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\pyexpat.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\pysqlite2._sqlite.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\python27.dll c:\users\Chris\AppData\Local\Temp\_MEI24202\pythoncom27.dll c:\users\Chris\AppData\Local\Temp\_MEI24202\PyWinTypes27.dll c:\users\Chris\AppData\Local\Temp\_MEI24202\select.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\unicodedata.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32api.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32com.shell.shell.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32crypt.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32event.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32file.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32inet.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32pdh.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32process.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32profile.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32security.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\win32ts.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\windows._cacheinvalidation.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\wx._controls_.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\wx._core_.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\wx._gdi_.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\wx._html2.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\wx._misc_.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\wx._windows_.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\wx._wizard.pyd c:\users\Chris\AppData\Local\Temp\_MEI24202\wxbase294u_net_vc90.dll c:\users\Chris\AppData\Local\Temp\_MEI24202\wxbase294u_vc90.dll c:\users\Chris\AppData\Local\Temp\_MEI24202\wxmsw294u_adv_vc90.dll c:\users\Chris\AppData\Local\Temp\_MEI24202\wxmsw294u_core_vc90.dll c:\users\Chris\AppData\Local\Temp\_MEI24202\wxmsw294u_html_vc90.dll c:\users\Chris\AppData\Local\Temp\_MEI24202\wxmsw294u_webview_vc90.dll c:\users\Chris\Documents\~WRL1888.tmp . . ((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-31 ))))))))))))))))))))))))))))))) . . 2013-07-31 04:04 . 2013-07-31 04:04 -------- d-----w- c:\users\Mcx1-CHRIS-DELLPC\AppData\Local\temp 2013-07-31 04:04 . 2013-07-31 04:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-30 15:53 . 2013-07-30 15:53 -------- d-----w- c:\program files (x86)\WOW Slider 2013-07-30 07:58 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14A652DF-0D95-4442-B6D7-4A0546281A21}\mpengine.dll 2013-07-30 02:31 . 2013-07-30 02:31 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-07-30 02:31 . 2013-07-30 02:31 -------- d-----w- c:\program files (x86)\Trend Micro 2013-07-23 07:46 . 2013-07-23 07:46 0 ----a-w- c:\windows\system32\olepro32.DLL 2013-07-23 07:46 . 2013-07-23 07:46 0 ----a-w- c:\windows\system32\MSVBVM60.DLL 2013-07-23 07:46 . 2013-07-23 07:46 0 ----a-w- c:\windows\system32\igdumdx32.dll 2013-07-23 07:46 . 2013-07-23 07:46 0 ----a-w- c:\windows\system32\igdumd32.dll 2013-07-23 07:46 . 2013-07-23 07:46 0 ----a-w- c:\windows\system32\igd10umd32.dll 2013-07-23 07:19 . 2012-07-27 02:02 173504 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2013-07-20 18:06 . 2013-07-20 18:08 -------- d-----w- c:\windows\system32\MRT 2013-07-17 02:05 . 2013-07-17 02:05 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin 2013-07-17 02:05 . 2013-07-17 02:05 -------- d-----w- C:\Riot Games 2013-07-17 02:04 . 2013-07-17 02:06 -------- d-----w- c:\users\Chris\AppData\Roaming\Riot Games 2013-07-11 02:09 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-07-11 01:43 . 2006-11-29 02:46 52800 ----a-w- c:\windows\SysWow64\drivers\PCASp50.sys 2013-07-11 01:43 . 2006-11-29 02:46 41280 ----a-w- c:\windows\SysWow64\drivers\PCASp50a64.sys 2013-07-11 01:43 . 2003-04-22 02:46 61440 ----a-w- c:\windows\SysWow64\ASIW32N50.dll 2013-07-11 01:43 . 2002-09-11 00:35 16302 ----a-w- c:\windows\SysWow64\ASINDIS5.sys 2013-07-11 01:43 . 2001-04-16 10:48 15577 ----a-w- c:\windows\SysWow64\ASINDIS3.vxd 2013-07-11 01:43 . 2013-07-11 01:43 -------- d-----w- c:\program files (x86)\ASUS 2013-07-11 01:43 . 2013-07-11 01:43 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield 2013-07-11 00:25 . 2010-09-07 06:27 38912 ----a-r- c:\windows\system32\drivers\PcaSp60.sys 2013-07-11 00:25 . 2010-09-07 06:27 38912 ----a-r- c:\windows\SysWow64\drivers\PcaSp60.sys 2013-07-08 14:44 . 2013-07-08 14:44 -------- d-----w- c:\program files (x86)\WinSCP 2013-07-07 23:05 . 2013-07-07 23:05 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2013-07-07 23:02 . 2013-07-07 23:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-24 05:57 . 2011-12-08 01:38 78277128 ----a-w- c:\windows\system32\MRT.exe 2013-06-20 02:42 . 2012-06-08 17:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-06-11 23:57 . 2012-04-04 23:09 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-11 23:57 . 2011-10-08 17:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-13 05:51 . 2013-06-12 20:36 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 20:36 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 20:36 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-12 20:36 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-12 20:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 20:36 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 20:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-12 20:36 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 20:36 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 20:36 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-12 20:36 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-12 20:36 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 13:06 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-08 06:39 . 2013-06-12 20:36 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-02 07:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-07 19676256] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432] "Akamai NetSession Interface"="c:\users\Chris\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-12-06 356376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] . c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968] Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2013-6-26 389016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AMPPALP;IntelÆ CentrinoÆ Wireless BluetoothÆ 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 AMPPALR3;IntelÆ CentrinoÆ Wireless BluetoothÆ 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 AMPPAL;IntelÆ CentrinoÆ Wireless BluetoothÆ 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:57] . 2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 14:39] . 2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-06 14:39] . 2013-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789552693-1038001729-2592716076-1000Core.job - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 04:13] . 2013-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2789552693-1038001729-2592716076-1000UA.job - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 04:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391512] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 415064] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\cn055jv3.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-07-30 23:23:36 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-31 04:23 . Pre-Run: 257,741,062,144 bytes free Post-Run: 258,350,510,080 bytes free . - - End Of File - - AC0EBB49A0BC9C2008D499FB3F64A52E D41D8CD98F00B204E9800998ECF8427E

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

Hi Maniac, Thanks for the help. Here are my logs for Malwarebytes and RogueKiller Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.07.30.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Chris :: CHRIS-DELLPC [administrator] Protection: Enabled 7/30/2013 10:08:22 AM mbam-log-2013-07-30 (10-08-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 245907 Time elapsed: 5 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Chris [Admin rights] Mode : Scan -- Date : 07/30/2013 10:14:59 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++ --- User --- [MBR] 766f35feb751050c1141c93f447de2a9 [bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 590375 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: TOSHIBA MK6475GSX +++++ --- User --- [MBR] 76096c62a8b7700a7420d4086433fec3 [bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32768 | Size: 60890 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[0]_S_07302013_101459.txt >>

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 replied to csingh07's topic in Resolved Malware Removal Logs

Thank you so much for any help you can provide! P.S. I am running a Dell Laptop - Windows 7 Home

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

csingh07 posted a topic in Resolved Malware Removal Logs

I own Malwarebytes Pro, have updated it, but it is not picking up any at the time of this posting. As the title says, I have been expeiencing a rather strange problem lately. My google searches and other internetting is running extremely slow, and often times I cannot access any pages on google. I also get messages occasionally after trying to visit a google page that say there is unusual or suspicious network traffic coming from my IP address and requiring me to enter a CAPTCHA image. I have run scans with MALWAREBYTES and my Kaspersky internet essentials but neither are picking up any activity. I have attached my Hijackthis and DDS log files hijackthis.log Attach.txt DDS.txt

Sign In

csingh07

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by csingh07

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Internet Running Slow, Google saying I have unusual network traffic, other computer works fine!

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information