MyStart Incredibar...help


I have a lingering issue with MyStart Incredibar. I have removed all entries via control panel and browser plugins but it's lingering in Chrome and IE9, possibly Firefox but I don't see any indication of that. Unfortunately I already ran Combofix before I knew I wasn't supposed to, so hopefully that won't screw this process up too bad here. I'm running Win 7 x64 Pro. I ran combofix already...hope that's ok.

DDS logs are as follows:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume4

Install Date: 9/7/2012 10:10:10 PM

System Uptime: 11/3/2012 12:24:28 PM (5 hours ago)

.

Motherboard: ASRock | | Z68 Extreme4 Gen3

Processor: Intel® Core i7-2600K CPU @ 3.40GHz | CPUSocket | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 32.965 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.

F: is FIXED (NTFS) - 932 GiB total, 332.296 GiB free.

G: is FIXED (NTFS) - 466 GiB total, 180.57 GiB free.

H: is CDROM ()

I: is Removable

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Multimedia Audio Controller

Device ID: PCI\VEN_1412&DEV_1712&SUBSYS_D6341412&REV_02\7&10DABA8B&0&08002000E7

Manufacturer:

Name: Multimedia Audio Controller

PNP Device ID: PCI\VEN_1412&DEV_1712&SUBSYS_D6341412&REV_02\7&10DABA8B&0&08002000E7

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

7-Zip 9.25 (x64 edition)

Adobe Flash Player 11 Plugin

Alt.Binz 0.39.4

Borderlands 2

CDBurnerXP

Corsair K90 Gaming Keyboard Driver V1.0

Corsair M60 Gaming Mouse Driver V1.0

CPUID CPU-Z 1.61.5

Creative Audio Control Panel

Creative Console Launcher

Creative Diagnostics

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

dBpoweramp DSP Effects

dBpoweramp Music Converter

Deadlight

Dishonored © Bethesda Softworks version 1

Etron USB3.0 Host Controller

foobar2000 v1.1.15

Foxit Reader

Fraps (remove only)

Google Chrome

Google Talk (remove only)

HashCheck Shell Extension (x86-32)

HashCheck Shell Extension (x86-64)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

ImgBurn

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® Solid-State Drive Toolbox

Internet Download Manager

Java 7 Update 9

Java Auto Updater

Java 6 Update 35

Java 6 Update 35 (64-bit)

K-Lite Codec Pack 9.3.0 (Full)

League of Legends

Left 4 Dead 2

LibreOffice 3.6

Malwarebytes Anti-Malware version 1.65.1.1000

marvell 91xx driver

MediaInfo 0.7.61

Microsoft .NET Framework 4 Client Profile

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 16.0.2 (x86 en-US)

MSI Afterburner 2.2.5

Mumble 1.2.3

Notepad++

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Update 1.10.8

NVIDIA Update Components

OpenAL

Pando Media Booster

QuickPar 0.9

Realtek High Definition Audio Driver

Recuva

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype™ 5.10

Source SDK Base 2007

SSD Tweaker version 2.1.1

System Requirements Lab for Intel

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VirtualCloneDrive

VLC media player 2.0.4

.

==== Event Viewer Messages From Past Week ========

.

10/31/2012 11:02:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/31/2012 11:02:44 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

.

==== End Of File ===========================

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2

Run by GTI at 17:53:45 on 2012-11-03

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8100.5252 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Eraser\Eraser.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe

C:\Program Files (x86)\Corsair\M60 Mouse\CorsTra.exe

C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_500_104.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_500_104.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.101\deploy\LoLLauncher.exe

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.220\deploy\LolClient.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26

uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [Corsair M60 Mouse] C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe

mRun: [Corsair laver] C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: NameServer = 24.25.5.150 209.18.47.61

TCP: Interfaces\{FE7FE438-F863-41E2-A433-FB88092E6DE8} : DHCPNameServer = 24.25.5.150 209.18.47.61

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\

FF - prefs.js: browser.startup.homepage - hxxp://rlslog.net

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\GTI\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_500_104.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-10-11 03:16; mozilla_cc@internetdownloadmanager.com; C:\Users\GTI\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2012-10-11 17:59; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-23 21:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-10-23 21:41; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R0 mvs91xx;mvs91xx;C:\Windows\System32\drivers\mvs91xx.sys [2011-4-8 312624]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-8 13632]

R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-10-26 160992]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-13 1258856]

R3 CORSGKB;Corsair Gaming Keyboard;C:\Windows\System32\drivers\CORSGKB.sys [2012-9-8 25600]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2011-8-11 230488]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-8-11 1494104]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2011-8-11 95320]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2011-8-11 1678936]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2010-10-19 56344]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-10-30 13368]

R3 WIMBLEMS;Corsair M60 Gaming Mouse;C:\Windows\System32\drivers\WIMBLEMS.sys [2012-9-8 25600]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-10-10 277024]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-9-7 79360]

S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2011-8-11 230488]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-8-11 1494104]

S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2011-8-11 95320]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-13 102368]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-7 115168]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-30 19456]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-10-13 203104]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-30 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-8 1255736]

.

=============== Created Last 30 ================

.

2012-11-03 16:26:53 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFE2CD4E-8CB5-4BD6-B78E-9CEF161D9135}\mpengine.dll

2012-11-03 02:40:10 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-02 04:04:45 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-01 03:00:42 98816 ----a-w- C:\Windows\sed.exe

2012-11-01 03:00:42 256000 ----a-w- C:\Windows\PEV.exe

2012-11-01 03:00:42 208896 ----a-w- C:\Windows\MBR.exe

2012-11-01 02:33:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-01 02:33:13 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-30 23:39:19 -------- d-----w- C:\Users\GTI\AppData\Local\Programs

2012-10-26 13:15:35 160992 ----a-w- C:\Windows\System32\drivers\idmwfp.sys

2012-10-24 00:55:32 -------- d-----w- C:\Program Files (x86)\Perion

2012-10-24 00:55:25 829264 ----a-w- C:\Windows\System32\msvcr100.dll

2012-10-24 00:55:25 608080 ----a-w- C:\Windows\System32\msvcp100.dll

2012-10-23 01:16:05 -------- d-----w- C:\Reditr

2012-10-19 21:26:58 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF05B71F-B655-4787-A31C-8322CDF2653F}\gapaengine.dll

2012-10-18 00:57:13 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-14 07:59:47 -------- d-----w- C:\Users\GTI\AppData\Roaming\Mumble

2012-10-14 07:58:26 -------- d-----w- C:\Program Files (x86)\Mumble

2012-10-13 22:23:50 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2012-10-13 22:23:50 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2012-10-13 19:53:52 -------- d-----w- C:\ProgramData\RELOADED

2012-10-13 18:05:00 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-10-13 18:05:00 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-10-13 18:05:00 6200680 ----a-w- C:\Windows\System32\nvcpl.dll

2012-10-13 18:05:00 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-10-13 18:05:00 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-10-13 18:05:00 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-10-13 18:05:00 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-10-13 18:04:49 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-10-10 23:12:34 -------- d-----w- C:\Users\GTI\AppData\Roaming\AccurateRip

2012-10-10 23:12:30 4779592 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe

2012-10-10 23:12:28 -------- d-----w- C:\Program Files (x86)\Illustrate

2012-10-10 22:39:59 -------- d-----w- C:\Users\GTI\temp

2012-10-10 22:39:58 -------- d-----w- C:\Users\GTI\AppData\Roaming\TeamViewer

2012-10-10 22:31:13 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2012-10-10 06:22:42 80384 ----a-w- C:\Windows\System32\igdde64.dll

.

==================== Find3M ====================

.

2012-10-18 00:57:11 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-18 00:57:11 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-02 22:21:00 973672 ----a-w- C:\Windows\System32\nvumdshimx.dll

2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-16 18:42:54 1174993 ----a-w- C:\Windows\unins001.exe

2012-09-16 18:41:47 1174993 ----a-w- C:\Windows\unins000.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-09 01:02:38 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-09-09 01:02:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-09-08 05:31:00 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2012-09-08 05:31:00 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe

2012-09-08 05:31:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2012-09-08 05:31:00 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll

2012-09-08 05:31:00 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx

2012-09-08 05:31:00 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll

2012-09-08 05:31:00 367104 ----a-w- C:\Windows\SysWow64\html.iec

2012-09-08 05:31:00 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-09-08 05:31:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll

2012-09-08 05:31:00 152064 ----a-w- C:\Windows\SysWow64\wextract.exe

2012-09-08 05:31:00 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe

2012-09-08 05:31:00 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll

2012-09-08 03:24:20 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-09-08 03:24:20 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-09-08 03:24:20 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-09-08 03:24:19 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-09-08 03:17:01 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-09-08 03:17:01 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-28 14:05:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2012-08-24 18:13:17 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-08-24 18:09:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 18:05:03 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-08-24 18:04:18 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-08-24 16:57:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll

2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll

2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll

2012-08-23 13:41:52 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2012-08-23 13:40:56 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2012-08-23 13:24:57 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll

2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll

2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe

2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll

2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe

2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll

2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll

2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll

2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe

2012-08-23 10:22:22 1123840 ----a-w- C:\Windows\System32\mstsc.exe

2012-08-23 09:51:57 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll

2012-08-23 08:13:07 5773824 ----a-w- C:\Windows\System32\mstscax.dll

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

.

============= FINISH: 17:53:51.42 ===============

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

---------

Please post the log made by ComboFix. It can be located at C:\ComboFix.txt

--------

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

[Screenshot: aswmbrscan.jpg]

----------

Jeff, thanks for the reply.

Combofix log:

ComboFix 12-10-31.03 - GTI 10/31/2012 23:01:02.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8100.6282 [GMT -4:00]

Running from: f:\download\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\muzapp.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))

.

.

2012-11-01 03:02 . 2012-11-01 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-01 02:59 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{619049A8-E822-4370-9B8F-2FC5085B0D7B}\mpengine.dll

2012-11-01 02:33 . 2012-11-01 02:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-01 02:33 . 2012-11-01 02:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-31 23:59 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-30 23:39 . 2012-10-30 23:39 -------- d-----w- c:\users\GTI\AppData\Local\Programs

2012-10-24 00:55 . 2012-10-24 00:55 -------- d-----w- c:\program files (x86)\Perion

2012-10-24 00:55 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll

2012-10-24 00:55 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll

2012-10-23 01:16 . 2012-10-23 01:16 -------- d-----w- C:\Reditr

2012-10-19 21:26 . 2012-09-27 03:35 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF05B71F-B655-4787-A31C-8322CDF2653F}\gapaengine.dll

2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-18 00:57 . 2012-10-18 00:57 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\programdata\McAfee

2012-10-14 07:59 . 2012-10-14 10:19 -------- d-----w- c:\users\GTI\AppData\Roaming\Mumble

2012-10-14 07:58 . 2012-10-14 07:58 -------- d-----w- c:\program files (x86)\Mumble

2012-10-13 22:23 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-10-13 22:23 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-10-13 19:53 . 2012-10-13 19:53 -------- d-----w- c:\programdata\RELOADED

2012-10-13 18:05 . 2012-10-13 18:05 -------- d-----w- c:\users\UpdatusUser

2012-10-13 18:05 . 2012-10-13 18:05 -------- d-----w- c:\programdata\NVIDIA

2012-10-13 18:05 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-10-13 18:05 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-13 18:05 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-13 18:05 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-13 18:05 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-10-13 18:05 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-10-13 18:05 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-10-13 18:04 . 2012-10-13 18:04 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-10-10 23:12 . 2012-10-10 23:12 -------- d-----w- c:\users\GTI\AppData\Roaming\AccurateRip

2012-10-10 23:12 . 2012-10-10 23:12 4779592 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe

2012-10-10 23:12 . 2012-10-10 23:12 -------- d-----w- c:\program files (x86)\Illustrate

2012-10-10 22:39 . 2012-10-10 22:39 -------- d-----w- c:\users\GTI\temp

2012-10-10 22:39 . 2012-10-11 00:25 -------- d-----w- c:\users\GTI\AppData\Roaming\TeamViewer

2012-10-10 22:31 . 2012-10-10 22:31 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls

2012-10-10 09:36 . 2012-09-27 18:07 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2012-10-09 22:55 . 2012-10-09 22:55 -------- d-----w- c:\program files\Recuva

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-18 00:57 . 2012-09-08 03:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-18 00:57 . 2012-09-08 03:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-11 07:00 . 2012-09-08 05:23 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-10 06:22 . 2012-05-21 15:55 12836864 ----a-w- c:\windows\system32\igd10umd64.dll

2012-10-10 06:22 . 2012-03-20 02:17 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-10-10 06:22 . 2012-05-21 14:42 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-10-10 06:22 . 2012-03-20 02:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-10-10 06:22 . 2012-05-21 14:43 386048 ----a-w- c:\windows\system32\igfxpph.dll

2012-10-02 22:21 . 2012-09-08 02:54 973672 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-10-02 22:21 . 2012-09-08 02:54 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-02 22:21 . 2012-09-08 02:54 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-10-02 22:21 . 2012-09-08 02:54 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-02 22:21 . 2012-09-08 02:54 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-02 22:21 . 2012-09-08 02:54 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-02 22:21 . 2012-09-08 02:54 364904 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2012-10-02 22:21 . 2012-09-08 02:54 313704 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2012-10-02 22:21 . 2012-09-08 02:54 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-02 22:21 . 2012-09-08 02:54 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-02 22:21 . 2012-09-08 02:54 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-02 22:21 . 2012-09-08 02:54 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-02 22:21 . 2012-09-08 02:54 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-02 22:21 . 2012-09-08 02:54 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-10-02 22:21 . 2012-09-08 02:54 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-02 22:21 . 2012-09-08 02:54 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-02 22:21 . 2012-09-08 02:54 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-10-02 22:21 . 2012-09-08 02:54 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-02 22:21 . 2012-09-08 02:54 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-02 22:21 . 2012-09-08 02:54 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-02 22:21 . 2012-09-08 02:54 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-02 22:21 . 2012-09-08 02:54 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-02 22:21 . 2012-09-08 02:54 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-02 22:21 . 2012-09-08 02:54 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-02 22:21 . 2012-09-08 02:54 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-02 22:21 . 2012-09-08 02:54 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-02 22:21 . 2012-09-08 02:54 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-09-29 23:54 . 2012-09-08 03:19 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-27 03:35 . 2012-09-08 03:21 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-16 18:42 . 2012-09-16 18:42 1174993 ----a-w- c:\windows\unins001.exe

2012-09-16 18:41 . 2012-09-16 18:41 1174993 ----a-w- c:\windows\unins000.exe

2012-09-16 01:59 . 2012-09-16 01:59 191472 ----a-w- c:\windows\system32\javaws.exe

2012-09-16 01:59 . 2012-09-16 01:59 172528 ----a-w- c:\windows\system32\javaw.exe

2012-09-16 01:59 . 2012-09-16 01:59 172528 ----a-w- c:\windows\system32\java.exe

2012-09-09 01:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-09-09 01:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-09-08 05:31 . 2012-09-08 05:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-09-08 05:31 . 2012-09-08 05:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-09-08 05:31 . 2012-09-08 05:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-09-08 05:31 . 2012-09-08 05:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-09-08 05:31 . 2012-09-08 05:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-09-08 05:31 . 2012-09-08 05:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-09-08 05:31 . 2012-09-08 05:31 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-09-08 05:31 . 2012-09-08 05:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-09-08 05:31 . 2012-09-08 05:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-09-08 05:31 . 2012-09-08 05:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-09-08 05:31 . 2012-09-08 05:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-09-08 05:31 . 2012-09-08 05:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-09-08 05:30 . 2012-09-08 05:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-09-08 05:30 . 2012-09-08 05:30 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-09-08 05:30 . 2012-09-08 05:30 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-09-08 05:30 . 2012-09-08 05:30 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-09-08 05:30 . 2012-09-08 05:30 82432 ----a-w- c:\windows\system32\icardie.dll

2012-09-08 05:30 . 2012-09-08 05:30 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-09-08 05:30 . 2012-09-08 05:30 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-09-08 05:30 . 2012-09-08 05:30 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-09-08 05:30 . 2012-09-08 05:30 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-09-08 05:30 . 2012-09-08 05:30 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-09-08 05:30 . 2012-09-08 05:30 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-09-08 05:30 . 2012-09-08 05:30 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-09-08 05:30 . 2012-09-08 05:30 448512 ----a-w- c:\windows\system32\html.iec

2012-09-08 05:30 . 2012-09-08 05:30 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-09-08 05:30 . 2012-09-08 05:30 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-09-08 05:30 . 2012-09-08 05:30 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-09-08 05:30 . 2012-09-08 05:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-09-08 05:30 . 2012-09-08 05:30 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-09-08 05:30 . 2012-09-08 05:30 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-09-08 05:30 . 2012-09-08 05:30 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-09-08 05:30 . 2012-09-08 05:30 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-09-08 05:30 . 2012-09-08 05:30 222208 ----a-w- c:\windows\system32\msls31.dll

2012-09-08 05:30 . 2012-09-08 05:30 197120 ----a-w- c:\windows\system32\msrating.dll

2012-09-08 05:30 . 2012-09-08 05:30 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-09-08 05:30 . 2012-09-08 05:30 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-09-08 05:30 . 2012-09-08 05:30 149504 ----a-w- c:\windows\system32\occache.dll

2012-09-08 05:30 . 2012-09-08 05:30 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-09-08 05:30 . 2012-09-08 05:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-09-08 05:30 . 2012-09-08 05:30 12288 ----a-w- c:\windows\system32\mshta.exe

2012-09-08 05:30 . 2012-09-08 05:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-09-08 05:30 . 2012-09-08 05:30 114176 ----a-w- c:\windows\system32\admparse.dll

2012-09-08 05:30 . 2012-09-08 05:30 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-09-08 05:30 . 2012-09-08 05:30 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-09-08 05:30 . 2012-09-08 05:30 103936 ----a-w- c:\windows\system32\inseng.dll

2012-09-08 05:30 . 2012-09-08 05:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-09-08 05:30 . 2012-09-08 05:30 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-09-08 05:30 . 2012-09-08 05:30 160256 ----a-w- c:\windows\system32\wextract.exe

2012-09-08 03:24 . 2012-09-08 03:24 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2012-09-08 03:24 . 2012-09-08 03:24 123480 ----a-w- c:\windows\system32\OpenAL32.dll

2012-09-08 03:24 . 2012-09-08 03:24 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-09-08 03:24 . 2012-09-08 03:24 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-09-08 03:17 . 2012-09-08 03:17 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-08 03:17 . 2012-09-08 03:17 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-10 3536320]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-11 842680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-12 25600]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]

"Corsair M60 Mouse"="c:\program files (x86)\Corsair\M60 Mouse\M60Hid.exe" [2012-05-22 1766400]

"Corsair laver"="c:\program files (x86)\Corsair\K90 Keyboard\K90Hid.exe" [2012-05-22 1780736]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-10-10 277024]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-08 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-12 230488]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-12 1494104]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-12 95320]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-08 1255736]

S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [2011-04-08 312624]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]

S3 CORSGKB;Corsair Gaming Keyboard;c:\windows\system32\drivers\CORSGKB.sys [2012-03-27 25600]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-12 230488]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-12 1494104]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-12 95320]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2011-08-12 1678936]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-14 412712]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-09-17 13368]

S3 WIMBLEMS;Corsair M60 Gaming Mouse;c:\windows\system32\drivers\WIMBLEMS.sys [2012-03-27 25600]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640854216-2499995478-324988698-1000Core.job

- c:\users\GTI\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 17:45]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640854216-2499995478-324988698-1000UA.job

- c:\users\GTI\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 17:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 24.25.5.150 209.18.47.61

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\

FF - prefs.js: browser.startup.homepage - hxxp://rlslog.net

FF - ExtSQL: 2012-10-11 03:16; mozilla_cc@internetdownloadmanager.com; c:\users\GTI\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2012-10-11 17:59; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-23 21:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-10-23 21:41; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-31 23:04:16

ComboFix-quarantined-files.txt 2012-11-01 03:04

.

Pre-Run: 35,814,309,888 bytes free

Post-Run: 36,091,863,040 bytes free

.

- - End Of File - - CE5A0830251D6FCBAA90750EB193AA12


Adw and asw logs are as follows:

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 21:31:01

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : GTI - GTI-PC

# Boot Mode : Normal

# Running from : C:\Users\GTI\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software

Key Found : HKCU\Software\IM

Key Found : HKCU\Software\ImInstaller

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Found : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKU\S-1-5-21-1640854216-2499995478-324988698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26

[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true

[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default-1351042774930 [Profil par défaut]

File : C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\GTI\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.15] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26" ]

Found [l.1717] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26" ]

*************************

AdwCleaner[R1].txt - [4378 octets] - [03/11/2012 21:31:01]

########## EOF - C:\AdwCleaner[R1].txt - [4438 octets] ##########

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-11-03 21:33:49

-----------------------------

21:33:49.334 OS Version: Windows x64 6.1.7601 Service Pack 1

21:33:49.334 Number of processors: 8 586 0x2A07

21:33:49.334 ComputerName: GTI-PC UserName: GTI

21:33:49.502 Initialize success

21:34:27.401 AVAST engine defs: 12110301

21:34:56.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:34:56.985 Disk 0 Vendor: INTEL_SS 2CV1 Size: 76319MB BusType: 3

21:34:56.992 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006f

21:34:56.993 Disk 1 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 11

21:34:56.994 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000070

21:34:56.996 Disk 2 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11

21:34:56.997 Disk 0 MBR read successfully

21:34:56.998 Disk 0 MBR scan

21:34:57.000 Disk 0 Windows 7 default MBR code

21:34:57.001 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

21:34:57.003 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848

21:34:57.007 Disk 0 scanning C:\Windows\system32\drivers

21:34:59.029 Service scanning

21:35:03.530 Modules scanning

21:35:03.534 Disk 0 trace - called modules:

21:35:03.536 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

21:35:03.538 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a983790]

21:35:03.540 3 CLASSPNP.SYS[fffff880017cc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800704b050]

21:35:03.701 AVAST engine scan C:\Windows

21:35:04.175 AVAST engine scan C:\Windows\system32

21:35:47.441 AVAST engine scan C:\Windows\system32\drivers

21:35:49.915 AVAST engine scan C:\Users\GTI

21:36:17.467 AVAST engine scan C:\ProgramData

21:36:20.601 Scan finished successfully

21:36:39.334 Disk 0 MBR has been saved successfully to "C:\Users\GTI\Desktop\MBR.dat"

21:36:39.336 The log file has been saved successfully to "C:\Users\GTI\Desktop\aswMBR.txt"

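The ComboFix "Reg Loading Points" and "Supplementary Scan" sections in the log above, together with the AdwCleaner browser section, carry the indicators that matter for this hijack: the IE start page and search assistant URLs pointing at mystart.incredibar.com and www.searchamong.com, the Chrome urls_to_restore_on_startup entry with the same landing page, and a policies\system block in which EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, meaning UAC is switched off and nothing prompts before elevation. The script below is an added triage example, not part of this thread and not code from ComboFix or AdwCleaner: it pulls those lines out of a log excerpt and classifies them so the findings are not lost in a few hundred lines of driver listings. The allowlist of expected search hosts, the set of hijack hosts and the sample log excerpt are constructed for illustration; the excerpt mirrors lines from the logs posted above.

```python
"""Triage browser-hijack and UAC indicators in ComboFix / AdwCleaner logs.

Added example for the thread above; not part of either tool.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Homepage / search-provider hosts treated as expected.
# Assumption: illustrative allowlist, tune it for the environment being triaged.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com"}

# Hosts the AdwCleaner / ComboFix output in the thread tied to the hijacker's
# landing page and search redirector. Anything else off the allowlist is "review".
KNOWN_HIJACK_HOSTS = {"mystart.incredibar.com", "www.searchamong.com"}

# Values under HKLM\...\policies\system that weaken elevation prompting when 0:
# UAC off, admins elevate silently, prompt not shown on the secure desktop.
WEAK_UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

# Both tools defang URLs as hxxp://. Capture the setting text before the URL and
# the URL token itself (Chrome entries wrap it in [ "..." ]).
URL_LINE = re.compile(r'^(?P<setting>.*?)\s*[=\-:]\s*\[?\s*"?(?P<url>hxxps?://[^\s"\]]+)')
# ComboFix prints policy values as "Name"= 0 (0x0).
UAC_LINE = re.compile(r'^"(?P<name>[A-Za-z]+)"\s*=\s*(?P<value>\d+)')

# Constructed excerpt modelled on the ComboFix and AdwCleaner logs in the thread.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
FF - prefs.js: browser.startup.homepage - hxxp://rlslog.net
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26
Found [l.15] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26" ]
"""


@dataclass
class Finding:
    line_no: int
    severity: str  # "hijack", "review" or "uac"
    setting: str
    detail: str


def refang(url: str) -> str:
    """Turn the defanged hxxp:// scheme back into http:// so urlparse works."""
    return re.sub(r"^hxxp", "http", url, count=1)


def triage(log_text: str) -> List[Finding]:
    """Return the hijack, review and weakened-UAC findings in log order."""
    findings: List[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = URL_LINE.match(line)
        if m:
            host = urlparse(refang(m["url"])).hostname or ""
            if host in KNOWN_HIJACK_HOSTS:
                findings.append(Finding(n, "hijack", m["setting"], host))
            elif host not in ALLOWED_HOSTS:
                findings.append(Finding(n, "review", m["setting"], host))
            continue
        m = UAC_LINE.match(line)
        if m and m["name"] in WEAK_UAC_VALUES and int(m["value"]) == 0:
            findings.append(Finding(n, "uac", m["name"], "set to 0"))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {'hijack': 4, 'review': 1, 'uac': 3}."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3} [{f.severity:6}] {f.setting} -> {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a real ComboFix.txt or AdwCleaner[R1].txt by passing the file contents to `triage()`; the "review" class exists so that a homepage the user chose themselves (rlslog.net in the log above) is surfaced for a human decision rather than silently treated as part of the infection.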

Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    DDS::
    uStart Page = hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26
    uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
    BHO: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - <orphaned>
    Firefox::
    FF - ProfilePath - C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\
    FF - ExtSQL: 2012-10-23 21:41; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
    File::
    C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    [screenshot: CFScriptB-4.gif]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

----------

Please post the logs made by ComboFix and AdwCleaner and let me know how your system is running now. :)


Here's my adw log:

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 01:46:02

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : GTI - GTI-PC

# Boot Mode : Normal

# Running from : C:\Users\GTI\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default-1351042774930 [Profil par défaut]

File : C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\GTI\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26" ]

Deleted [l.1717] : urls_to_restore_on_startup = [ "hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26" ]

*************************

AdwCleaner[R1].txt - [4469 octets] - [03/11/2012 21:31:01]

AdwCleaner[s1].txt - [4222 octets] - [04/11/2012 01:46:02]

########## EOF - C:\AdwCleaner[s1].txt - [4282 octets] ##########

Hi,

Could you check at C:\ComboFix.txt and see if the log is there? Post it if it is.

If it's not there, do the following and see if you can view it >>

Go to Start >> in Start Search type Run >> select Run when it populates above >> in the Run text bar type ComboFix.txt and press Enter. Does the log open? If so, post it.

---------

As for Chrome... the easiest way to fix that up is actually to uninstall Chrome and install a fresh copy.

I accidentally ran ComboFix again when trying to run the txt file... oops.

Here's the log though:

ComboFix 12-11-04.01 - GTI 11/04/2012 13:23:53.3.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8100.6496 [GMT -5:00]

Running from: c:\users\GTI\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))

.

.

2012-11-04 18:25 . 2012-11-04 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-03 16:26 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFE2CD4E-8CB5-4BD6-B78E-9CEF161D9135}\mpengine.dll

2012-11-03 02:40 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-01 22:33 . 2012-11-02 02:55 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2012-11-01 02:33 . 2012-11-01 02:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-01 02:33 . 2012-11-01 02:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-30 23:39 . 2012-10-30 23:39 -------- d-----w- c:\users\GTI\AppData\Local\Programs

2012-10-26 13:15 . 2012-09-27 18:07 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2012-10-24 00:55 . 2012-10-24 00:55 -------- d-----w- c:\program files (x86)\Perion

2012-10-24 00:55 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll

2012-10-24 00:55 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll

2012-10-23 01:16 . 2012-10-23 01:16 -------- d-----w- C:\Reditr

2012-10-19 21:26 . 2012-09-27 03:35 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF05B71F-B655-4787-A31C-8322CDF2653F}\gapaengine.dll

2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-18 00:57 . 2012-10-18 00:57 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\programdata\McAfee

2012-10-14 07:59 . 2012-11-04 12:37 -------- d-----w- c:\users\GTI\AppData\Roaming\Mumble

2012-10-14 07:58 . 2012-10-14 07:58 -------- d-----w- c:\program files (x86)\Mumble

2012-10-13 22:23 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-10-13 22:23 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-10-13 19:53 . 2012-10-13 19:53 -------- d-----w- c:\programdata\RELOADED

2012-10-13 18:05 . 2012-10-13 18:05 -------- d-----w- c:\users\UpdatusUser

2012-10-13 18:05 . 2012-10-13 18:05 -------- d-----w- c:\programdata\NVIDIA

2012-10-13 18:05 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-10-13 18:05 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-13 18:05 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-13 18:05 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-13 18:05 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-10-13 18:05 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-10-13 18:05 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-10-13 18:04 . 2012-10-13 18:04 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-10-10 23:12 . 2012-10-10 23:12 -------- d-----w- c:\users\GTI\AppData\Roaming\AccurateRip

2012-10-10 23:12 . 2012-10-10 23:12 4779592 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe

2012-10-10 23:12 . 2012-10-10 23:12 -------- d-----w- c:\program files (x86)\Illustrate

2012-10-10 22:39 . 2012-10-10 22:39 -------- d-----w- c:\users\GTI\temp

2012-10-10 22:39 . 2012-10-11 00:25 -------- d-----w- c:\users\GTI\AppData\Roaming\TeamViewer

2012-10-10 22:31 . 2012-10-10 22:31 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls

2012-10-10 06:22 . 2012-10-10 06:22 80384 ----a-w- c:\windows\system32\igdde64.dll

2012-10-09 22:55 . 2012-10-09 22:55 -------- d-----w- c:\program files\Recuva

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-18 00:57 . 2012-09-08 03:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-18 00:57 . 2012-09-08 03:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-11 07:00 . 2012-09-08 05:23 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-10 06:22 . 2012-05-21 15:55 12836864 ----a-w- c:\windows\system32\igd10umd64.dll

2012-10-10 06:22 . 2012-03-20 02:17 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-10-10 06:22 . 2012-05-21 14:42 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-10-10 06:22 . 2012-03-20 02:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-10-10 06:22 . 2012-05-21 14:43 386048 ----a-w- c:\windows\system32\igfxpph.dll

2012-10-02 22:21 . 2012-09-08 02:54 973672 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-10-02 22:21 . 2012-09-08 02:54 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-02 22:21 . 2012-09-08 02:54 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-10-02 22:21 . 2012-09-08 02:54 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-02 22:21 . 2012-09-08 02:54 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-02 22:21 . 2012-09-08 02:54 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-02 22:21 . 2012-09-08 02:54 364904 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2012-10-02 22:21 . 2012-09-08 02:54 313704 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2012-10-02 22:21 . 2012-09-08 02:54 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-02 22:21 . 2012-09-08 02:54 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-02 22:21 . 2012-09-08 02:54 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-02 22:21 . 2012-09-08 02:54 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-02 22:21 . 2012-09-08 02:54 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-02 22:21 . 2012-09-08 02:54 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-10-02 22:21 . 2012-09-08 02:54 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-02 22:21 . 2012-09-08 02:54 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-02 22:21 . 2012-09-08 02:54 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-10-02 22:21 . 2012-09-08 02:54 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-02 22:21 . 2012-09-08 02:54 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-02 22:21 . 2012-09-08 02:54 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-02 22:21 . 2012-09-08 02:54 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-02 22:21 . 2012-09-08 02:54 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-02 22:21 . 2012-09-08 02:54 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-02 22:21 . 2012-09-08 02:54 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-02 22:21 . 2012-09-08 02:54 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-02 22:21 . 2012-09-08 02:54 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-02 22:21 . 2012-09-08 02:54 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-09-29 23:54 . 2012-09-08 03:19 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-27 03:35 . 2012-09-08 03:21 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-16 18:42 . 2012-09-16 18:42 1174993 ----a-w- c:\windows\unins001.exe

2012-09-16 18:41 . 2012-09-16 18:41 1174993 ----a-w- c:\windows\unins000.exe

2012-09-16 01:59 . 2012-09-16 01:59 191472 ----a-w- c:\windows\system32\javaws.exe

2012-09-16 01:59 . 2012-09-16 01:59 172528 ----a-w- c:\windows\system32\javaw.exe

2012-09-16 01:59 . 2012-09-16 01:59 172528 ----a-w- c:\windows\system32\java.exe

2012-09-09 01:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-09-09 01:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-09-08 05:31 . 2012-09-08 05:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-09-08 05:31 . 2012-09-08 05:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-09-08 05:31 . 2012-09-08 05:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-09-08 05:31 . 2012-09-08 05:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-09-08 05:31 . 2012-09-08 05:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-09-08 05:31 . 2012-09-08 05:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-09-08 05:31 . 2012-09-08 05:31 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-09-08 05:31 . 2012-09-08 05:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-09-08 05:31 . 2012-09-08 05:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-09-08 05:31 . 2012-09-08 05:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-09-08 05:31 . 2012-09-08 05:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-09-08 05:31 . 2012-09-08 05:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-09-08 05:30 . 2012-09-08 05:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-09-08 05:30 . 2012-09-08 05:30 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-09-08 05:30 . 2012-09-08 05:30 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-09-08 05:30 . 2012-09-08 05:30 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-09-08 05:30 . 2012-09-08 05:30 82432 ----a-w- c:\windows\system32\icardie.dll

2012-09-08 05:30 . 2012-09-08 05:30 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-09-08 05:30 . 2012-09-08 05:30 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-09-08 05:30 . 2012-09-08 05:30 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-09-08 05:30 . 2012-09-08 05:30 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-09-08 05:30 . 2012-09-08 05:30 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-09-08 05:30 . 2012-09-08 05:30 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-09-08 05:30 . 2012-09-08 05:30 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-09-08 05:30 . 2012-09-08 05:30 448512 ----a-w- c:\windows\system32\html.iec

2012-09-08 05:30 . 2012-09-08 05:30 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-09-08 05:30 . 2012-09-08 05:30 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-09-08 05:30 . 2012-09-08 05:30 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-09-08 05:30 . 2012-09-08 05:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-09-08 05:30 . 2012-09-08 05:30 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-09-08 05:30 . 2012-09-08 05:30 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-09-08 05:30 . 2012-09-08 05:30 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-09-08 05:30 . 2012-09-08 05:30 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-09-08 05:30 . 2012-09-08 05:30 222208 ----a-w- c:\windows\system32\msls31.dll

2012-09-08 05:30 . 2012-09-08 05:30 197120 ----a-w- c:\windows\system32\msrating.dll

2012-09-08 05:30 . 2012-09-08 05:30 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-09-08 05:30 . 2012-09-08 05:30 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-09-08 05:30 . 2012-09-08 05:30 149504 ----a-w- c:\windows\system32\occache.dll

2012-09-08 05:30 . 2012-09-08 05:30 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-09-08 05:30 . 2012-09-08 05:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-09-08 05:30 . 2012-09-08 05:30 12288 ----a-w- c:\windows\system32\mshta.exe

2012-09-08 05:30 . 2012-09-08 05:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-09-08 05:30 . 2012-09-08 05:30 114176 ----a-w- c:\windows\system32\admparse.dll

2012-09-08 05:30 . 2012-09-08 05:30 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-09-08 05:30 . 2012-09-08 05:30 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-09-08 05:30 . 2012-09-08 05:30 103936 ----a-w- c:\windows\system32\inseng.dll

2012-09-08 05:30 . 2012-09-08 05:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-09-08 05:30 . 2012-09-08 05:30 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-09-08 05:30 . 2012-09-08 05:30 160256 ----a-w- c:\windows\system32\wextract.exe

2012-09-08 03:24 . 2012-09-08 03:24 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2012-09-08 03:24 . 2012-09-08 03:24 123480 ----a-w- c:\windows\system32\OpenAL32.dll

2012-09-08 03:24 . 2012-09-08 03:24 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-09-08 03:24 . 2012-09-08 03:24 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-09-08 03:17 . 2012-09-08 03:17 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-08 03:17 . 2012-09-08 03:17 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-11-02 3540416]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-11 842680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-12 25600]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]

"Corsair M60 Mouse"="c:\program files (x86)\Corsair\M60 Mouse\M60Hid.exe" [2012-05-22 1766400]

"Corsair laver"="c:\program files (x86)\Corsair\K90 Keyboard\K90Hid.exe" [2012-05-22 1780736]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-08 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-12 230488]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-12 1494104]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-12 95320]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-08 1255736]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]

S3 CORSGKB;Corsair Gaming Keyboard;c:\windows\system32\drivers\CORSGKB.sys [2012-03-27 25600]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-12 230488]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-12 1494104]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-12 95320]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2011-08-12 1678936]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-14 412712]

S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-10-30 13368]

S3 WIMBLEMS;Corsair M60 Gaming Mouse;c:\windows\system32\drivers\WIMBLEMS.sys [2012-03-27 25600]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - RTCORE64

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640854216-2499995478-324988698-1000Core.job

- c:\users\GTI\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 17:45]

.

2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640854216-2499995478-324988698-1000UA.job

- c:\users\GTI\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 17:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 24.25.5.150 209.18.47.61

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\

FF - prefs.js: browser.startup.homepage - hxxp://rlslog.net

FF - ExtSQL: 2012-10-11 03:16; mozilla_cc@internetdownloadmanager.com; c:\users\GTI\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2012-10-11 17:59; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-23 21:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1640854216-2499995478-324988698-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):49,a1,90,38,27,13,de,14,e4,cf,a1,05,07,91,07,80,88,d3,f2,e6,ed,

a3,06,1c,b3,37,dd,f2,98,a3,d0,23,51,06,70,f5,df,dc,a4,16,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1640854216-2499995478-324988698-1000_Classes\Wow6432Node\CLSID\{9524ec50-cda5-44ae-b42c-e96e3f61a51d}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000134

"Therad"=dword:00000001

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-04 13:26:24

ComboFix-quarantined-files.txt 2012-11-04 18:26

ComboFix2.txt 2012-11-04 18:21

ComboFix3.txt 2012-11-04 05:42

ComboFix4.txt 2012-11-01 03:04

.

Pre-Run: 35,425,779,712 bytes free

Post-Run: 35,372,781,568 bytes free

.

- - End Of File - - DCCC948E103C76FD67C6CC99B6DF8E4D

Should I run the CFScript.txt with ComboFix again to produce the log or no?

Should I run the CFScript.txt with ComboFix again to produce the log or no?

Yes please do so. I will be traveling in a couple of hours and won't be back on until later this evening (CST). I will check things out then. :)

CFScript log:

ComboFix 12-11-04.01 - GTI 11/04/2012 15:28:13.4.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8100.6581 [GMT -5:00]

Running from: c:\users\GTI\Desktop\ComboFix.exe

Command switches used :: c:\users\GTI\Desktop\CFScript.txt.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi"

.

.

((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))

.

.

2012-11-04 20:30 . 2012-11-04 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-04 18:46 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A0ECF1-2E6D-4749-A6C0-0B41E456E4D0}\mpengine.dll

2012-11-03 16:26 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-01 22:33 . 2012-11-02 02:55 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2012-11-01 02:33 . 2012-11-01 02:41 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-01 02:33 . 2012-11-01 02:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-30 23:39 . 2012-10-30 23:39 -------- d-----w- c:\users\GTI\AppData\Local\Programs

2012-10-26 13:15 . 2012-09-27 18:07 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2012-10-24 00:55 . 2012-10-24 00:55 -------- d-----w- c:\program files (x86)\Perion

2012-10-24 00:55 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll

2012-10-24 00:55 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll

2012-10-23 01:16 . 2012-10-23 01:16 -------- d-----w- C:\Reditr

2012-10-19 21:26 . 2012-09-27 03:35 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF05B71F-B655-4787-A31C-8322CDF2653F}\gapaengine.dll

2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-18 00:57 . 2012-10-18 00:57 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\programdata\McAfee

2012-10-14 07:59 . 2012-11-04 12:37 -------- d-----w- c:\users\GTI\AppData\Roaming\Mumble

2012-10-14 07:58 . 2012-10-14 07:58 -------- d-----w- c:\program files (x86)\Mumble

2012-10-13 22:23 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-10-13 22:23 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-10-13 19:53 . 2012-10-13 19:53 -------- d-----w- c:\programdata\RELOADED

2012-10-13 18:05 . 2012-10-13 18:05 -------- d-----w- c:\users\UpdatusUser

2012-10-13 18:05 . 2012-10-13 18:05 -------- d-----w- c:\programdata\NVIDIA

2012-10-13 18:05 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-10-13 18:05 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-13 18:05 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-13 18:05 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-13 18:05 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-10-13 18:05 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-10-13 18:05 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-10-13 18:04 . 2012-10-13 18:04 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-10-10 23:12 . 2012-10-10 23:12 -------- d-----w- c:\users\GTI\AppData\Roaming\AccurateRip

2012-10-10 23:12 . 2012-10-10 23:12 4779592 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe

2012-10-10 23:12 . 2012-10-10 23:12 -------- d-----w- c:\program files (x86)\Illustrate

2012-10-10 22:39 . 2012-10-10 22:39 -------- d-----w- c:\users\GTI\temp

2012-10-10 22:39 . 2012-10-11 00:25 -------- d-----w- c:\users\GTI\AppData\Roaming\TeamViewer

2012-10-10 22:31 . 2012-10-10 22:31 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls

2012-10-10 06:22 . 2012-10-10 06:22 80384 ----a-w- c:\windows\system32\igdde64.dll

2012-10-09 22:55 . 2012-10-09 22:55 -------- d-----w- c:\program files\Recuva

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-18 00:57 . 2012-09-08 03:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-18 00:57 . 2012-09-08 03:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-11 07:00 . 2012-09-08 05:23 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-10 06:22 . 2012-05-21 15:55 12836864 ----a-w- c:\windows\system32\igd10umd64.dll

2012-10-10 06:22 . 2012-03-20 02:17 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-10-10 06:22 . 2012-05-21 14:42 9007616 ----a-w- c:\windows\system32\igfxress.dll

2012-10-10 06:22 . 2012-03-20 02:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-10-10 06:22 . 2012-05-21 14:43 386048 ----a-w- c:\windows\system32\igfxpph.dll

2012-10-02 22:21 . 2012-09-08 02:54 973672 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-10-02 22:21 . 2012-09-08 02:54 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-02 22:21 . 2012-09-08 02:54 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-10-02 22:21 . 2012-09-08 02:54 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-02 22:21 . 2012-09-08 02:54 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-02 22:21 . 2012-09-08 02:54 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-02 22:21 . 2012-09-08 02:54 364904 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2012-10-02 22:21 . 2012-09-08 02:54 313704 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2012-10-02 22:21 . 2012-09-08 02:54 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-02 22:21 . 2012-09-08 02:54 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-02 22:21 . 2012-09-08 02:54 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-02 22:21 . 2012-09-08 02:54 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-02 22:21 . 2012-09-08 02:54 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-02 22:21 . 2012-09-08 02:54 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-10-02 22:21 . 2012-09-08 02:54 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-02 22:21 . 2012-09-08 02:54 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-02 22:21 . 2012-09-08 02:54 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-10-02 22:21 . 2012-09-08 02:54 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-02 22:21 . 2012-09-08 02:54 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-02 22:21 . 2012-09-08 02:54 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-02 22:21 . 2012-09-08 02:54 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-02 22:21 . 2012-09-08 02:54 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-02 22:21 . 2012-09-08 02:54 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-02 22:21 . 2012-09-08 02:54 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-02 22:21 . 2012-09-08 02:54 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-02 22:21 . 2012-09-08 02:54 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-02 22:21 . 2012-09-08 02:54 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-09-29 23:54 . 2012-09-08 03:19 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-27 03:35 . 2012-09-08 03:21 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-16 18:42 . 2012-09-16 18:42 1174993 ----a-w- c:\windows\unins001.exe

2012-09-16 18:41 . 2012-09-16 18:41 1174993 ----a-w- c:\windows\unins000.exe

2012-09-16 01:59 . 2012-09-16 01:59 191472 ----a-w- c:\windows\system32\javaws.exe

2012-09-16 01:59 . 2012-09-16 01:59 172528 ----a-w- c:\windows\system32\javaw.exe

2012-09-16 01:59 . 2012-09-16 01:59 172528 ----a-w- c:\windows\system32\java.exe

2012-09-09 01:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-09-09 01:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-09-08 05:31 . 2012-09-08 05:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-09-08 05:31 . 2012-09-08 05:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-09-08 05:31 . 2012-09-08 05:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-09-08 05:31 . 2012-09-08 05:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-09-08 05:31 . 2012-09-08 05:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-09-08 05:31 . 2012-09-08 05:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-09-08 05:31 . 2012-09-08 05:31 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-09-08 05:31 . 2012-09-08 05:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-09-08 05:31 . 2012-09-08 05:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-09-08 05:31 . 2012-09-08 05:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-09-08 05:31 . 2012-09-08 05:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-09-08 05:31 . 2012-09-08 05:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-09-08 05:30 . 2012-09-08 05:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-09-08 05:30 . 2012-09-08 05:30 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-09-08 05:30 . 2012-09-08 05:30 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-09-08 05:30 . 2012-09-08 05:30 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-09-08 05:30 . 2012-09-08 05:30 82432 ----a-w- c:\windows\system32\icardie.dll

2012-09-08 05:30 . 2012-09-08 05:30 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-09-08 05:30 . 2012-09-08 05:30 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-09-08 05:30 . 2012-09-08 05:30 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-09-08 05:30 . 2012-09-08 05:30 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-09-08 05:30 . 2012-09-08 05:30 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-09-08 05:30 . 2012-09-08 05:30 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-09-08 05:30 . 2012-09-08 05:30 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-09-08 05:30 . 2012-09-08 05:30 448512 ----a-w- c:\windows\system32\html.iec

2012-09-08 05:30 . 2012-09-08 05:30 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-09-08 05:30 . 2012-09-08 05:30 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-09-08 05:30 . 2012-09-08 05:30 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-09-08 05:30 . 2012-09-08 05:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-09-08 05:30 . 2012-09-08 05:30 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-09-08 05:30 . 2012-09-08 05:30 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-09-08 05:30 . 2012-09-08 05:30 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-09-08 05:30 . 2012-09-08 05:30 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-09-08 05:30 . 2012-09-08 05:30 222208 ----a-w- c:\windows\system32\msls31.dll

2012-09-08 05:30 . 2012-09-08 05:30 197120 ----a-w- c:\windows\system32\msrating.dll

2012-09-08 05:30 . 2012-09-08 05:30 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-09-08 05:30 . 2012-09-08 05:30 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-09-08 05:30 . 2012-09-08 05:30 149504 ----a-w- c:\windows\system32\occache.dll

2012-09-08 05:30 . 2012-09-08 05:30 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-09-08 05:30 . 2012-09-08 05:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-09-08 05:30 . 2012-09-08 05:30 12288 ----a-w- c:\windows\system32\mshta.exe

2012-09-08 05:30 . 2012-09-08 05:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-09-08 05:30 . 2012-09-08 05:30 114176 ----a-w- c:\windows\system32\admparse.dll

2012-09-08 05:30 . 2012-09-08 05:30 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-09-08 05:30 . 2012-09-08 05:30 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-09-08 05:30 . 2012-09-08 05:30 103936 ----a-w- c:\windows\system32\inseng.dll

2012-09-08 05:30 . 2012-09-08 05:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-09-08 05:30 . 2012-09-08 05:30 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-09-08 05:30 . 2012-09-08 05:30 160256 ----a-w- c:\windows\system32\wextract.exe

2012-09-08 03:24 . 2012-09-08 03:24 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2012-09-08 03:24 . 2012-09-08 03:24 123480 ----a-w- c:\windows\system32\OpenAL32.dll

2012-09-08 03:24 . 2012-09-08 03:24 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-09-08 03:24 . 2012-09-08 03:24 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-09-08 03:17 . 2012-09-08 03:17 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-08 03:17 . 2012-09-08 03:17 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-11-02 3540416]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-11 842680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-12 25600]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]

"Corsair M60 Mouse"="c:\program files (x86)\Corsair\M60 Mouse\M60Hid.exe" [2012-05-22 1766400]

"Corsair laver"="c:\program files (x86)\Corsair\K90 Keyboard\K90Hid.exe" [2012-05-22 1780736]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-08 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-12 230488]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-12 1494104]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-12 95320]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-12 95320]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-08 1255736]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]

S3 CORSGKB;Corsair Gaming Keyboard;c:\windows\system32\drivers\CORSGKB.sys [2012-03-27 25600]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-12 230488]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-12 1494104]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2011-08-12 1678936]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-02-14 412712]

S3 WIMBLEMS;Corsair M60 Gaming Mouse;c:\windows\system32\drivers\WIMBLEMS.sys [2012-03-27 25600]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - RTCore64

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640854216-2499995478-324988698-1000Core.job

- c:\users\GTI\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 17:45]

.

2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640854216-2499995478-324988698-1000UA.job

- c:\users\GTI\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 17:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 24.25.5.150 209.18.47.61

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\

FF - prefs.js: browser.startup.homepage - hxxp://rlslog.net

FF - ExtSQL: 2012-10-11 03:16; mozilla_cc@internetdownloadmanager.com; c:\users\GTI\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2012-10-11 17:59; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-23 21:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1640854216-2499995478-324988698-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):49,a1,90,38,27,13,de,14,e4,cf,a1,05,07,91,07,80,88,d3,f2,e6,ed,

a3,06,1c,b3,37,dd,f2,98,a3,d0,23,51,06,70,f5,df,dc,a4,16,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-1640854216-2499995478-324988698-1000_Classes\Wow6432Node\CLSID\{9524ec50-cda5-44ae-b42c-e96e3f61a51d}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000134

"Therad"=dword:00000001

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-04 15:30:42

ComboFix-quarantined-files.txt 2012-11-04 20:30

ComboFix2.txt 2012-11-04 18:26

ComboFix3.txt 2012-11-04 18:21

ComboFix4.txt 2012-11-04 05:42

ComboFix5.txt 2012-11-04 20:27

.

Pre-Run: 36,181,204,992 bytes free

Post-Run: 36,130,963,456 bytes free

.

- - End Of File - - 8A59E65E7E0A423811E521A35B12B90C

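Added example, not part of this thread and not ComboFix's own code: a small Python triage pass over the "Reg Loading Points" and "Scheduled Tasks" sections of a ComboFix report like the one above. It flags Run entries that are a bare file name (resolved through the search path at logon, as with "CTxfiHlp"="CTXFIHLP.EXE"), autostart binaries that live under a user-writable profile path, and the policies\system values that show UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 in this log, which is worth noting before the later advice on IE Protected Mode). The sample text is constructed from lines of this report; the rules, the path fragments and the severity labels are the example's own assumptions, not anything ComboFix emits.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the ComboFix report in this thread (Run keys,
# the policies\system block and one scheduled task), trimmed to what the rules look at.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-11-02 3540416]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-12 25600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640854216-2499995478-324988698-1000Core.job
- c:\users\GTI\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 17:45]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]')
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)')
TASK_RE = re.compile(r"^-\s+(\S.*?\.exe)\s*\[", re.IGNORECASE)

# Path fragments an ordinary user can write to; an autostart living there deserves a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# policies\system values whose zero setting weakens or removes UAC (Windows 7 defaults: 1, 5, 1).
UAC_WEAK = {
    "EnableLUA": "UAC is disabled entirely; every process of an admin user runs elevated",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently with no consent prompt",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}


@dataclass
class Finding:
    severity: str  # "high" for a weakened security control, "review" for an autostart worth checking
    where: str     # registry key or log section the line came from
    detail: str


def classify_launch(path: str) -> Optional[str]:
    """Return a reason to review an autostart command, or None if nothing stands out."""
    low = path.lower()
    if "\\" not in low:
        return "bare file name, resolved through the search path at logon"
    if any(fragment in low for fragment in USER_WRITABLE):
        return "autostart binary lives in a user-writable location"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix report line by line and collect findings from the sections we understand."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        run = RUN_RE.match(line)
        if run and current_key.lower().endswith("\\run"):
            name, command = run.group(1), run.group(2)
            reason = classify_launch(command)
            if reason:
                findings.append(Finding("review", current_key, f"{name} -> {command}: {reason}"))
            continue
        policy = POLICY_RE.match(line)
        if policy and current_key.lower().endswith("\\policies\\system"):
            name, value = policy.group(1), int(policy.group(2))
            if name in UAC_WEAK and value == 0:
                findings.append(Finding("high", current_key, f"{name}={value}: {UAC_WEAK[name]}"))
            continue
        task = TASK_RE.match(line)
        if task:
            reason = classify_launch(task.group(1))
            if reason:
                findings.append(Finding("review", "Scheduled Tasks", f"{task.group(1)}: {reason}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.severity}] {finding.where}: {finding.detail}")
```

A "review" finding is not a verdict: the Creative and Google entries above are legitimate, but a bare file name in a Run value and an updater living under AppData are exactly the patterns a hijacker like the one in this thread also uses, so they are the entries to confirm first. The three "high" findings are a configuration problem independent of any infection.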

Hi,

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp

-------------

Clear Java Cache

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Java Control Panel.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.05.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

GTI :: GTI-PC [administrator]

11/5/2012 12:04:00 AM

mbam-log-2012-11-05 (00-04-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220962

Time elapsed: 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESET scan came back clean as well.


Providing there are no other malware related problems...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

----------

The following will implement some cleanup procedures as well as reset System Restore points:

Press the Windows key + R and this will open the Run box. Copy/paste the following text into the Run box as shown and click OK.

Combofix /Uninstall

(Note: There is a space between the ..X and the /U that needs to be there.)


----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

If you didn't already have it I would keep Malwarebytes AntiMalware though.

Here are some tips to reduce the potential for spyware infection in the future:

1. Internet Explorer. Even if you don't use it as your main browser it should be kept up-to-date because that is the browser Windows uses for updates.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox. If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:

NoScript

AdBlock Plus

3. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

4. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

5. Firewall

Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. I would personally only recommend using one of the following two below:

Online Armor Free

Agnitum Outpost Firewall Free

6. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

7. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read How to Prevent Malware found here and also PC Safety and Security - What Do I Need?.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

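Added example, not from the post above and not Malwarebytes' own code: the Internet Explorer settings in steps 1 and 3 are stored per user under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<zone>, one DWORD per URL action (0 = Enable, 1 = Prompt, 3 = Disable; action 2500 is Protected Mode, 0 = on), with zone 1 = Local Intranet, 2 = Trusted Sites, 3 = Internet, 4 = Restricted Sites. The Python below audits a set of those values against the post's recommendations and also checks EnableLUA, because Protected Mode runs IE at low integrity and depends on UAC: the ComboFix log earlier in this thread shows EnableLUA = 0, so step 3 has no effect on that machine until UAC is switched back on. The action IDs are the documented ones from Microsoft's zone-settings reference (KB182569; check them against your IE version), the sample values are constructed, and read_from_registry() is a Windows-only helper of this example that pulls the live values.

```python
from typing import Dict, List, Optional, Tuple

ENABLE, PROMPT, DISABLE = 0, 1, 3                       # DWORD values IE uses for a URL action
ZONES = {1: "Local Intranet", 2: "Trusted Sites", 3: "Internet", 4: "Restricted Sites"}
ZONES_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
SYSTEM_POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
PROTECTED_MODE = "2500"                                 # 0 = Protected Mode on, 3 = off

# Step 1 of the post, expressed as URL-action IDs (Microsoft zone-settings reference, KB182569).
INTERNET_ZONE_BASELINE: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample: a per-user export where one zone-3 action and two Protected Mode
# switches still sit at their defaults, and EnableLUA=0 as in this thread's ComboFix log.
SAMPLE_ZONES: Dict[int, Dict[str, int]] = {
    1: {PROTECTED_MODE: DISABLE},
    2: {PROTECTED_MODE: DISABLE},
    3: {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE, "1800": PROMPT,
        "1804": PROMPT, "1607": DISABLE, PROTECTED_MODE: ENABLE},
    4: {PROTECTED_MODE: ENABLE},
}
SAMPLE_ENABLE_LUA = 0


def describe(value: Optional[int]) -> str:
    """Render a zone DWORD the way the IE dialog labels it."""
    return {None: "unset", ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}.get(value, str(value))


def audit(zones: Dict[int, Dict[str, int]], enable_lua: int) -> List[str]:
    """Return every deviation from the post's recommendations; an empty list means compliant."""
    problems: List[str] = []
    internet = zones.get(3, {})
    for action, (label, wanted) in INTERNET_ZONE_BASELINE.items():
        actual = internet.get(action)
        if actual != wanted:
            problems.append(f"Internet zone: '{label}' (action {action}) is "
                            f"{describe(actual)}, want {describe(wanted)}")
    for zone_id, zone_name in ZONES.items():           # step 3: Protected Mode in all four zones
        pm = zones.get(zone_id, {}).get(PROTECTED_MODE)
        if pm != ENABLE:
            problems.append(f"{zone_name}: Protected Mode (action 2500) is {describe(pm)}, want Enable")
    if enable_lua != 1:
        # Protected Mode needs UAC's integrity levels; with EnableLUA=0 the setting is inert.
        problems.append(f"EnableLUA={enable_lua}: UAC is off, so Protected Mode cannot take effect")
    return problems


def read_from_registry() -> Tuple[Dict[int, Dict[str, int]], int]:
    """Windows only: read the live per-user zone values and the machine-wide UAC switch."""
    import winreg  # imported here so audit() stays usable on any platform
    zones: Dict[int, Dict[str, int]] = {}
    wanted_actions = list(INTERNET_ZONE_BASELINE) + [PROTECTED_MODE]
    for zone_id in ZONES:
        values: Dict[str, int] = {}
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONES_KEY + "\\" + str(zone_id)) as key:
            for action in wanted_actions:
                try:
                    values[action] = int(winreg.QueryValueEx(key, action)[0])
                except FileNotFoundError:
                    pass                                  # absent value: IE uses the template default
        zones[zone_id] = values
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SYSTEM_POLICY_KEY) as key:
        enable_lua = int(winreg.QueryValueEx(key, "EnableLUA")[0])
    return zones, enable_lua


if __name__ == "__main__":
    import sys
    zones, lua = read_from_registry() if sys.platform == "win32" else (SAMPLE_ZONES, SAMPLE_ENABLE_LUA)
    for line in audit(zones, lua) or ["compliant with the post's recommendations"]:
        print(line)
```

An absent value is reported as "unset" and treated as a deviation on purpose: IE then falls back to the zone template's default, which for the Internet zone already matches some of these settings, but an audit that only trusts explicit values is the one that survives a template reset. Machine-wide policy under HKLM\...\Policies\Microsoft\Windows\CurrentVersion\Internet Settings overrides the per-user keys, so on a domain-joined box check both.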

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

