Jump to content

FBI Moneypak ransomeware


Recommended Posts

I've managed to get infected with the FBI moneypak malware and have so far been unable to get rid of it. Booting into safe mode failed (PC shuts down after entering my password), a Symantec bootable recovery disk failed to load properly, and a Kaskerspy bootable repair disk was unable to identify and remove the malware. I would certainly appreciate any help I could get in removing this malware from my system.

I followed the instructions given to other users in this subforum (more specfically I followed this post http://forums.malwarebytes.org/index.php?showtopic=126152&view=findpost&p=678533). It looks like most of the individuals who help in this forum use the same set of instructions, but if not please let me know your procedure and I will be happy to follow that as well.

I've included both of the FRST64 log files generated on my machine below.

Thanks in advance for your help!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2013

Ran by SYSTEM on 12-05-2013 10:42:10

Running from H:\

Windows 7 Professional (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)

HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [390728 2010-11-23] (Acronis)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)

HKLM\...\Run: [Launchpad] %programfiles%\Windows Server\Bin\Launchpad.exe -autostart [1099360 2012-11-02] (Microsoft Corporation)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5542168 2010-11-23] (Acronis)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)

HKLM-x32\...\Run: [Macro Manager] C:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroManager.exe /q [2469376 2009-03-13] (GrassSoftware)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2011-01-15] (CANON INC.)

HKU\Tyler\...\Run: [Google Update] "C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-12] (Google Inc.)

HKU\Tyler\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-12] (Logitech Inc.)

HKU\Tyler\...\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart [839680 2010-06-16] ()

HKU\Tyler\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-12-28] (SUPERAntiSpyware.com)

HKU\Tyler\...\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3425688 2011-09-15] (Tonec Inc.)

HKU\Tyler\...\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKU\Tyler\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Tyler\Documents\4e4e5ca6.exe [34304 2013-05-09] ()

HKU\Tyler\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)

AppInit_DLLs: [0 ] ()

Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll (Microsoft Corporation)

BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-12-28] (SUPERAntiSpyware.com)

S2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1112240 2010-11-23] (Acronis)

S2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-05-31] (Acronis)

S2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [820568 2011-07-20] (IObit)

S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

S3 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-27] (Lavasoft Limited)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)

S3 MySQL55; I:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9507 2013-01-06] ()

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)

S2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

S2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

S2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41600 2012-07-06] (Microsoft Corporation)

S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)

S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

S2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-27] (DT Soft Ltd)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)

S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [20336 2011-07-11] ()

S3 gdrv; C:\Windows\gdrv.sys [25640 2011-05-31] (Windows ® Server 2003 DDK provider)

S3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1605760 2013-03-28] (Hauppauge Computer Works, Inc.)

S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130509.001\IDSvia64.sys [513184 2012-11-03] (Symantec Corporation)

S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-08-18] (Lavasoft AB)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130509.004\ENG64.SYS [126192 2013-01-16] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130509.004\EX64.SYS [2087664 2013-01-16] (Symantec Corporation)

S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2011-03-22] (IObit.com)

S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-27] (Duplex Secure Ltd.)

S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-11-06] (Symantec Corporation)

S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21328 2011-03-22] (IObit.com)

S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-02] (Windows ® Codename Longhorn DDK provider)

S3 VSPerfDrv100; I:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1403010.016\ccSetx64.sys [x]

S2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [x]

S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [x]

S0 snapman; system32\DRIVERS\snapman.sys [x]

S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS [x]

S1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS [x]

S0 SymDS; system32\drivers\NISx64\1403010.016\SYMDS64.SYS [x]

S0 SymEFA; system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [x]

S1 SymIRON; \SystemRoot\system32\drivers\NISx64\1403010.016\Ironx64.SYS [x]

S1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [x]

S0 tdrpman273; system32\DRIVERS\tdrpm273.sys [x]

S1 truecrypt; System32\drivers\truecrypt.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-12 10:41 - 2013-05-12 10:41 - 00000000 ____D C:\FRST

2013-05-09 14:09 - 2013-05-09 14:09 - 00174416 ____A C:\Users\Tyler\AppData\Roaming\2433f433

2013-05-09 14:09 - 2013-05-09 14:09 - 00174403 ____A C:\ProgramData\2433f433

2013-05-09 14:09 - 2013-05-09 14:09 - 00174378 ____A C:\Users\Tyler\AppData\Local\2433f433

2013-05-09 14:09 - 2013-05-09 14:09 - 00034304 ____A C:\Users\Tyler\Documents\4e4e5ca6.exe

2013-04-23 13:21 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-21 12:39 - 2013-04-21 12:39 - 00012106 ____A C:\Users\Tyler\Desktop\SS Weight Log Template.xlsx

2013-04-21 12:28 - 2013-04-21 12:28 - 00002013 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

2013-04-21 12:28 - 2013-04-21 12:28 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool

2013-04-21 12:28 - 2013-04-21 12:28 - 00000000 ____D C:\Program Files (x86)\Canon

2013-04-21 12:28 - 2011-03-31 06:07 - 00114688 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_ATU.dll

2013-04-21 12:28 - 2011-03-30 08:54 - 00323584 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_ATL.dll

2013-04-21 12:28 - 2010-11-12 07:13 - 00068096 ____A C:\Windows\SysWOW64\CNC1754D.TBL

2013-04-21 12:28 - 2008-08-25 14:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll

2013-04-21 12:12 - 2013-04-21 12:12 - 00000000 ____D C:\Windows\System32\STRING

2013-04-21 12:12 - 2012-06-14 13:18 - 00366592 ____A (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL

2013-04-21 12:12 - 2012-06-14 13:18 - 00359936 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL

2013-04-21 12:12 - 2012-06-14 13:18 - 00039424 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL

2013-04-21 12:11 - 2013-04-21 12:11 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information

2013-04-21 12:11 - 2013-04-21 12:11 - 00000000 ___HD C:\Program Files\CanonBJ

2013-04-21 12:11 - 2012-03-14 01:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMXLMAT.DLL

2013-04-21 12:11 - 2012-03-14 01:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMLMAT.DLL

2013-04-21 12:11 - 2011-03-31 06:07 - 00302080 ____A (CANON INC.) C:\Windows\System32\CNC_ATC.dll

2013-04-21 12:11 - 2011-03-31 06:06 - 00112128 ____A (CANON INC.) C:\Windows\System32\CNC_ATI.dll

2013-04-21 12:11 - 2011-03-30 08:55 - 00373248 ____A (CANON INC.) C:\Windows\System32\CNC_ATL.dll

2013-04-21 12:11 - 2010-11-12 07:13 - 00068096 ____A C:\Windows\System32\CNC1754D.TBL

2013-04-21 12:11 - 2008-08-25 14:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll

2013-04-21 09:40 - 2013-04-21 09:40 - 00002008 ____A C:\Users\Tyler\Desktop\FileBot.lnk

2013-04-21 09:40 - 2013-04-21 09:40 - 00000000 ____D C:\Program Files\FileBot

2013-04-14 09:36 - 2013-04-14 09:36 - 00000134 ____A C:\Users\Tyler\Desktop\Internet Explorer Troubleshooting.url

2013-04-14 09:34 - 2013-04-14 09:34 - 00000000 ____D C:\Users\Tyler\AppData\Local\Intuit

2013-04-12 13:43 - 2013-04-12 13:43 - 00001929 ____A C:\Users\Tyler\Desktop\history.xml

==================== One Month Modified Files and Folders =======

2013-05-12 10:41 - 2013-05-12 10:41 - 00000000 ____D C:\FRST

2013-05-12 05:12 - 2011-09-27 07:39 - 00000570 ____A C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job

2013-05-12 05:09 - 2009-07-13 20:45 - 00014480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-12 05:09 - 2009-07-13 20:45 - 00014480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-12 05:07 - 2009-07-13 21:13 - 00873834 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-12 05:05 - 2011-05-31 23:14 - 01796486 ____A C:\Windows\WindowsUpdate.log

2013-05-12 05:03 - 2011-06-12 12:12 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352576983-2296217787-3144300893-1000UA.job

2013-05-12 05:02 - 2012-11-09 16:06 - 00018859 ____A C:\Windows\setupact.log

2013-05-12 05:02 - 2012-04-16 13:55 - 00000000 ____D C:\ProgramData\NVIDIA

2013-05-12 05:02 - 2011-10-13 23:22 - 00113092 ____A C:\aaw7boot.log

2013-05-12 05:02 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-09 17:59 - 2009-07-13 21:08 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-05-09 14:09 - 2013-05-09 14:09 - 00174416 ____A C:\Users\Tyler\AppData\Roaming\2433f433

2013-05-09 14:09 - 2013-05-09 14:09 - 00174403 ____A C:\ProgramData\2433f433

2013-05-09 14:09 - 2013-05-09 14:09 - 00174378 ____A C:\Users\Tyler\AppData\Local\2433f433

2013-05-09 14:09 - 2013-05-09 14:09 - 00034304 ____A C:\Users\Tyler\Documents\4e4e5ca6.exe

2013-05-09 13:40 - 2012-04-07 08:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-09 13:14 - 2012-10-23 16:31 - 00000000 ___RD C:\Users\Tyler\Dropbox

2013-05-09 13:14 - 2011-12-01 09:11 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Dropbox

2013-05-08 14:39 - 2011-06-11 17:24 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\DMCache

2013-05-07 15:03 - 2011-06-12 12:12 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352576983-2296217787-3144300893-1000Core.job

2013-05-07 13:32 - 2009-07-13 18:34 - 00000057 ____A C:\Windows\System32\Drivers\etc\hosts.bak

2013-04-29 15:04 - 2011-05-31 20:22 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Mozilla

2013-04-28 08:03 - 2011-09-02 18:03 - 00000000 ____D C:\Users\Tyler\AppData\Local\Deployment

2013-04-22 14:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-04-21 16:58 - 2012-05-03 18:45 - 00000000 ____D C:\Users\Tyler\Documents\Visual Studio 2010

2013-04-21 15:26 - 2011-08-16 16:37 - 00002012 ___AH C:\Users\Tyler\Documents\Default.rdp

2013-04-21 12:39 - 2013-04-21 12:39 - 00012106 ____A C:\Users\Tyler\Desktop\SS Weight Log Template.xlsx

2013-04-21 12:28 - 2013-04-21 12:28 - 00002013 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

2013-04-21 12:28 - 2013-04-21 12:28 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool

2013-04-21 12:28 - 2013-04-21 12:28 - 00000000 ____D C:\Program Files (x86)\Canon

2013-04-21 12:28 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media

2013-04-21 12:12 - 2013-04-21 12:12 - 00000000 ____D C:\Windows\System32\STRING

2013-04-21 12:11 - 2013-04-21 12:11 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information

2013-04-21 12:11 - 2013-04-21 12:11 - 00000000 ___HD C:\Program Files\CanonBJ

2013-04-21 09:40 - 2013-04-21 09:40 - 00002008 ____A C:\Users\Tyler\Desktop\FileBot.lnk

2013-04-21 09:40 - 2013-04-21 09:40 - 00000000 ____D C:\Program Files\FileBot

2013-04-20 16:33 - 2011-05-31 19:08 - 00000000 ____D C:\users\Tyler

2013-04-16 13:21 - 2012-11-06 12:11 - 00000000 ____D C:\Windows\System32\Drivers\NISx64

2013-04-15 14:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-04-14 09:36 - 2013-04-14 09:36 - 00000134 ____A C:\Users\Tyler\Desktop\Internet Explorer Troubleshooting.url

2013-04-14 09:36 - 2013-03-24 13:03 - 00014499 ____A C:\Windows\IE10_main.log

2013-04-14 09:34 - 2013-04-14 09:34 - 00000000 ____D C:\Users\Tyler\AppData\Local\Intuit

2013-04-12 13:43 - 2013-04-12 13:43 - 00001929 ____A C:\Users\Tyler\Desktop\history.xml

2013-04-12 10:36 - 2011-05-31 20:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-12 06:45 - 2013-04-23 13:21 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-12 06:11 - 2013-04-11 14:04 - 00000155 ____A C:\Users\Tyler\Desktop\MomFaxNumber.txt

Other Malware:

===========

C:\ProgramData\ezsidmv.dat

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 16%

Total physical RAM: 4091.3 MB

Available physical RAM: 3413.4 MB

Total Pagefile: 4089.45 MB

Available Pagefile: 3405.2 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:12.34 GB) NTFS (Disk=2 Partition=2)

Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=2 Partition=1) ==>[system with boot components (obtained from reading drive)]

Drive e: (Programs) (Fixed) (Total:234.72 GB) (Free:102.3 GB) NTFS (Disk=0 Partition=2)

Drive h: (NBRT) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32 (Disk=3 Partition=1)

Drive i: (Storage) (Fixed) (Total:465.76 GB) (Free:211.91 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: () (Fixed) (Total:63.37 GB) (Free:53.35 GB) NTFS (Disk=0 Partition=1)

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 33943393)

Partition 1: (Active) - (Size=63 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=235 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 49C1508A)

Partition 1: (Not Active) - (Size=466 GB) - (Type=42)

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: E187BBA1)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================

Disk: 3 (Size: 4 GB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=4 GB) - (Type=0B)

Last Boot: 2013-04-29 14:34

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 08-05-2013

Ran by SYSTEM at 2013-05-12 11:22:14

Running from H:\

Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\ERDNT\cache64\services.exe

[2011-05-31 23:07] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Link to post
Share on other sites

icon11.gif Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKU\Tyler\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Tyler\Documents\4e4e5ca6.exe [34304 2013-05-09] ()
HKU\Tyler\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: [0 ] ()
2013-05-09 14:09 - 2013-05-09 14:09 - 00174416 ____A C:\Users\Tyler\AppData\Roaming\2433f433
2013-05-09 14:09 - 2013-05-09 14:09 - 00174403 ____A C:\ProgramData\2433f433
2013-05-09 14:09 - 2013-05-09 14:09 - 00174378 ____A C:\Users\Tyler\AppData\Local\2433f433
2013-05-09 14:09 - 2013-05-09 14:09 - 00034304 ____A C:\Users\Tyler\Documents\4e4e5ca6.exe
C:\ProgramData\ezsidmv.dat

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Link to post
Share on other sites

Thanks for your fast response!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-05-2013

Ran by SYSTEM at 2013-05-12 12:06:17 Run:1

Running from H:\

Boot Mode: Recovery

==============================================

HKEY_USERS\Tyler\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value not found.

HKEY_USERS\Tyler\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

C:\Users\Tyler\AppData\Roaming\2433f433 => Moved successfully.

C:\ProgramData\2433f433 => Moved successfully.

C:\Users\Tyler\AppData\Local\2433f433 => Moved successfully.

C:\Users\Tyler\Documents\4e4e5ca6.exe => Moved successfully.

C:\ProgramData\ezsidmv.dat => Moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

Yes, it appears to be booting normally now. Both of the logs are included below :

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2013

Ran by Tyler (administrator) on 12-05-2013 12:24:32

Running from F:\

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Launchpad.exe

(Google Inc.) C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe

(DT Soft Ltd) D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

(Dropbox, Inc.) C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

(Farbar) F:\FRST64.exe

(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe

(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)

HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [390728 2010-11-23] (Acronis)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)

HKLM\...\Run: [Launchpad] %programfiles%\Windows Server\Bin\Launchpad.exe -autostart [1099360 2012-11-02] (Microsoft Corporation)

HKCU\...\Run: [Google Update] "C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-12] (Google Inc.)

HKCU\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-12] (Logitech Inc.)

HKCU\...\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart [839680 2010-06-16] ()

HKCU\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-12-28] (SUPERAntiSpyware.com)

HKCU\...\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [3425688 2011-09-15] (Tonec Inc.)

HKCU\...\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKCU\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Tyler\Documents\4e4e5ca6.exe [x]

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5542168 2010-11-23] (Acronis)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)

HKLM-x32\...\Run: [Macro Manager] C:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroManager.exe /q [2469376 2009-03-13] (GrassSoftware)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2011-01-15] (CANON INC.)

Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll (Microsoft Corporation)

SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\SysWow64\webcheck.dll No File

BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =

BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)

BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - i:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll No File

BHO-x32: Yontoo Layers (Drop Down Deals) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

PDF: HKLM-x32 {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab

PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{130C5540-4FCB-43F9-B37B-249E1F0A3967}: [NameServer]208.67.222.222,208.67.220.220

FireFox:

========

FF ProfilePath: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\rhojk9s5.default

FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()

FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Extension: LastPass - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\rhojk9s5.default\Extensions\support@lastpass.com

Chrome:

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Tyler\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tyler\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Tyler\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File

CHR Plugin: (NPLastPass) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll No File

CHR Plugin: (Norton Confidential) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Google Talk Plugin) - C:\Users\Tyler\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Tyler\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Google Update) - C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

CHR Plugin: (VLC Web Plugin) - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Microsoft Office 2010) - F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL No File

CHR Plugin: (Microsoft Office 2010) - F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL No File

CHR Extension: (Session Manager) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0

CHR Extension: (YouTube) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Adblock Plus) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0

CHR Extension: (Google Search) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (LastPass) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0

CHR Extension: (Norton Identity Protection) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0

CHR Extension: (NotScripts) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0

CHR Extension: (Gmail) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-12-28] (SUPERAntiSpyware.com)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1112240 2010-11-23] (Acronis)

R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-06-01] (Acronis)

R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [820568 2011-07-20] (IObit)

S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

S3 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-27] (Lavasoft Limited)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)

S3 MySQL55; I:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9507 2013-01-06] ()

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)

R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41600 2012-07-06] (Microsoft Corporation)

S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)

S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-27] (DT Soft Ltd)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)

S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [20336 2011-07-11] ()

S3 gdrv; C:\Windows\gdrv.sys [25640 2011-05-31] (Windows ® Server 2003 DDK provider)

R3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1605760 2013-03-28] (Hauppauge Computer Works, Inc.)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130509.001\IDSvia64.sys [513184 2012-11-03] (Symantec Corporation)

R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-08-18] (Lavasoft AB)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130509.004\ENG64.SYS [126192 2013-01-16] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130509.004\EX64.SYS [2087664 2013-01-16] (Symantec Corporation)

S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2011-03-23] (IObit.com)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-02-27] (Duplex Secure Ltd.)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-11-06] (Symantec Corporation)

S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21328 2011-03-23] (IObit.com)

S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-02] (Windows ® Codename Longhorn DDK provider)

S3 VSPerfDrv100; I:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2011-01-18] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

R1 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1403010.016\ccSetx64.sys [x]

S2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [x]

R0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [x]

R0 snapman; system32\DRIVERS\snapman.sys [x]

R3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS [x]

R1 SRTSPX; \SystemRoot\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS [x]

R0 SymDS; system32\drivers\NISx64\1403010.016\SYMDS64.SYS [x]

R0 SymEFA; system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [x]

R1 SymIRON; \SystemRoot\system32\drivers\NISx64\1403010.016\Ironx64.SYS [x]

R1 SymNetS; \SystemRoot\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [x]

R0 tdrpman273; system32\DRIVERS\tdrpm273.sys [x]

R1 truecrypt; System32\drivers\truecrypt.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-12 14:41 - 2013-05-12 14:41 - 00000000 ____D C:\FRST

2013-04-23 17:21 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-21 16:39 - 2013-04-21 16:39 - 00012106 ____A C:\Users\Tyler\Desktop\SS Weight Log Template.xlsx

2013-04-21 16:28 - 2013-04-21 16:28 - 00002013 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

2013-04-21 16:28 - 2013-04-21 16:28 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool

2013-04-21 16:28 - 2013-04-21 16:28 - 00000000 ____D C:\Program Files (x86)\Canon

2013-04-21 16:28 - 2011-03-31 10:07 - 00114688 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_ATU.dll

2013-04-21 16:28 - 2011-03-30 12:54 - 00323584 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_ATL.dll

2013-04-21 16:28 - 2010-11-12 11:13 - 00068096 ____A C:\Windows\SysWOW64\CNC1754D.TBL

2013-04-21 16:28 - 2008-08-25 18:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll

2013-04-21 16:12 - 2013-04-21 16:12 - 00000000 ____D C:\Windows\System32\STRING

2013-04-21 16:12 - 2012-06-14 17:18 - 00366592 ____A (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL

2013-04-21 16:12 - 2012-06-14 17:18 - 00359936 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL

2013-04-21 16:12 - 2012-06-14 17:18 - 00039424 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL

2013-04-21 16:11 - 2013-04-21 16:11 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information

2013-04-21 16:11 - 2013-04-21 16:11 - 00000000 ___HD C:\Program Files\CanonBJ

2013-04-21 16:11 - 2012-03-14 05:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMXLMAT.DLL

2013-04-21 16:11 - 2012-03-14 05:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMLMAT.DLL

2013-04-21 16:11 - 2011-03-31 10:07 - 00302080 ____A (CANON INC.) C:\Windows\System32\CNC_ATC.dll

2013-04-21 16:11 - 2011-03-31 10:06 - 00112128 ____A (CANON INC.) C:\Windows\System32\CNC_ATI.dll

2013-04-21 16:11 - 2011-03-30 12:55 - 00373248 ____A (CANON INC.) C:\Windows\System32\CNC_ATL.dll

2013-04-21 16:11 - 2010-11-12 11:13 - 00068096 ____A C:\Windows\System32\CNC1754D.TBL

2013-04-21 16:11 - 2008-08-25 18:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll

2013-04-21 13:40 - 2013-04-21 13:40 - 00002008 ____A C:\Users\Tyler\Desktop\FileBot.lnk

2013-04-21 13:40 - 2013-04-21 13:40 - 00000000 ____D C:\Program Files\FileBot

2013-04-14 13:36 - 2013-04-14 13:36 - 00000134 ____A C:\Users\Tyler\Desktop\Internet Explorer Troubleshooting.url

2013-04-14 13:34 - 2013-04-14 13:34 - 00000000 ____D C:\Users\Tyler\AppData\Local\Intuit

2013-04-12 17:43 - 2013-04-12 17:43 - 00001929 ____A C:\Users\Tyler\Desktop\history.xml

==================== One Month Modified Files and Folders =======

2013-05-12 14:41 - 2013-05-12 14:41 - 00000000 ____D C:\FRST

2013-05-12 12:24 - 2012-04-01 08:44 - 00000000 ____D C:\Users\Tyler\AppData\Local\sabnzbd

2013-05-12 12:24 - 2012-04-01 08:44 - 00000000 ____D C:\Program Files (x86)\SABnzbd

2013-05-12 12:23 - 2009-07-14 00:45 - 00014480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-12 12:23 - 2009-07-14 00:45 - 00014480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-12 12:21 - 2009-07-14 01:13 - 00873834 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-12 12:19 - 2011-06-01 03:14 - 01803464 ____A C:\Windows\WindowsUpdate.log

2013-05-12 12:16 - 2012-11-09 20:06 - 00018915 ____A C:\Windows\setupact.log

2013-05-12 12:16 - 2012-04-16 17:55 - 00000000 ____D C:\ProgramData\NVIDIA

2013-05-12 12:16 - 2011-12-01 13:11 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Dropbox

2013-05-12 12:16 - 2011-10-14 03:22 - 00113316 ____A C:\aaw7boot.log

2013-05-12 12:16 - 2011-09-27 11:39 - 00000570 ____A C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job

2013-05-12 12:16 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-12 09:03 - 2011-06-12 16:12 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352576983-2296217787-3144300893-1000UA.job

2013-05-09 21:59 - 2009-07-14 01:08 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-05-09 17:40 - 2012-04-07 12:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-09 17:14 - 2012-10-23 20:31 - 00000000 ___RD C:\Users\Tyler\Dropbox

2013-05-08 18:39 - 2011-06-11 21:24 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\DMCache

2013-05-07 19:03 - 2011-06-12 16:12 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352576983-2296217787-3144300893-1000Core.job

2013-05-07 17:32 - 2009-07-13 22:34 - 00000057 ____A C:\Windows\System32\Drivers\etc\hosts.bak

2013-04-29 19:04 - 2011-06-01 00:22 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Mozilla

2013-04-28 12:03 - 2011-09-02 22:03 - 00000000 ____D C:\Users\Tyler\AppData\Local\Deployment

2013-04-22 18:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-04-21 20:58 - 2012-05-03 22:45 - 00000000 ____D C:\Users\Tyler\Documents\Visual Studio 2010

2013-04-21 19:26 - 2011-08-16 20:37 - 00002012 ___AH C:\Users\Tyler\Documents\Default.rdp

2013-04-21 16:39 - 2013-04-21 16:39 - 00012106 ____A C:\Users\Tyler\Desktop\SS Weight Log Template.xlsx

2013-04-21 16:28 - 2013-04-21 16:28 - 00002013 ____A C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

2013-04-21 16:28 - 2013-04-21 16:28 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool

2013-04-21 16:28 - 2013-04-21 16:28 - 00000000 ____D C:\Program Files (x86)\Canon

2013-04-21 16:28 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media

2013-04-21 16:12 - 2013-04-21 16:12 - 00000000 ____D C:\Windows\System32\STRING

2013-04-21 16:11 - 2013-04-21 16:11 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information

2013-04-21 16:11 - 2013-04-21 16:11 - 00000000 ___HD C:\Program Files\CanonBJ

2013-04-21 13:40 - 2013-04-21 13:40 - 00002008 ____A C:\Users\Tyler\Desktop\FileBot.lnk

2013-04-21 13:40 - 2013-04-21 13:40 - 00000000 ____D C:\Program Files\FileBot

2013-04-20 20:33 - 2011-05-31 23:08 - 00000000 ____D C:\users\Tyler

2013-04-16 17:21 - 2012-11-06 16:11 - 00000000 ____D C:\Windows\System32\Drivers\NISx64

2013-04-15 18:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-04-14 13:36 - 2013-04-14 13:36 - 00000134 ____A C:\Users\Tyler\Desktop\Internet Explorer Troubleshooting.url

2013-04-14 13:36 - 2013-03-24 17:03 - 00014499 ____A C:\Windows\IE10_main.log

2013-04-14 13:34 - 2013-04-14 13:34 - 00000000 ____D C:\Users\Tyler\AppData\Local\Intuit

2013-04-12 17:43 - 2013-04-12 17:43 - 00001929 ____A C:\Users\Tyler\Desktop\history.xml

2013-04-12 14:36 - 2011-06-01 00:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-12 10:45 - 2013-04-23 17:21 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-12 10:11 - 2013-04-11 18:04 - 00000155 ____A C:\Users\Tyler\Desktop\MomFaxNumber.txt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-04-29 18:34

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 08-05-2013

Ran by Tyler at 2013-05-12 12:28:11

Running from F:\

Boot Mode: Normal

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\ERDNT\cache64\services.exe

[2011-06-01 03:07] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Link to post
Share on other sites

Please do this:

icon11.gif Download Combofix from HERE, and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.

.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

icon11.gif You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Please include the following in your next post:

  • ComboFix log
  • MBAM log

Link to post
Share on other sites

ComboFix 13-05-12.01 - Tyler 05/12/2013 13:59:41.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4091.2481 [GMT -4:00]

Running from: c:\users\Tyler\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Tyler\AppData\Local\assembly\tmp

c:\users\Tyler\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\HCivicHood60Elv180Az4Bounce.mat

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\HCivicHood60Elv180AzDblFreqSamp.mat

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\HCivicHood60Elv180AzDblTimeSamp.mat

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\HCivicHood60Elv180AzMod2RT.mat

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\HCivicHood60Elv180AzModRT.mat

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\HCivicHood60Elv360Az4Bounce.mat

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Recent\HCivicHood60Elv360AzModRT.mat

c:\windows\SysWow64\frapsvid.dll

c:\windows\Temp\tmp3.tmp

.

.

((((((((((((((((((((((((( Files Created from 2013-04-12 to 2013-05-12 )))))))))))))))))))))))))))))))

.

.

2013-05-12 18:41 . 2013-05-12 18:41 -------- d-----w- C:\FRST

2013-05-12 18:07 . 2013-05-12 18:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-05-12 18:07 . 2013-05-12 18:07 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-05-12 18:07 . 2013-05-12 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-23 21:21 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-21 20:28 . 2013-04-21 20:28 -------- d-----w- c:\programdata\Canon IJ Network Tool

2013-04-21 20:28 . 2013-04-21 20:28 -------- d-----w- c:\program files (x86)\Canon

2013-04-21 20:28 . 2011-03-31 14:07 114688 ----a-w- c:\windows\SysWow64\CNC_ATU.dll

2013-04-21 20:28 . 2011-03-30 16:54 323584 ----a-w- c:\windows\SysWow64\CNC_ATL.dll

2013-04-21 20:28 . 2008-08-25 22:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll

2013-04-21 20:12 . 2013-04-21 20:12 -------- d-----w- c:\windows\system32\STRING

2013-04-21 20:12 . 2012-06-14 21:18 39424 ----a-w- c:\windows\system32\CNMN6UI.DLL

2013-04-21 20:12 . 2012-06-14 21:18 359936 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2013-04-21 20:12 . 2012-06-14 21:18 366592 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL

2013-04-21 20:11 . 2012-03-14 09:00 385024 ----a-w- c:\windows\system32\CNMXLMAT.DLL

2013-04-21 20:11 . 2013-04-21 20:11 -------- d--h--w- c:\program files\CanonBJ

2013-04-21 20:11 . 2013-04-21 20:11 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2013-04-21 20:11 . 2012-03-14 09:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAT.DLL

2013-04-21 20:11 . 2012-03-14 09:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAT.DLL

2013-04-21 20:11 . 2012-03-14 09:00 385024 ----a-w- c:\windows\system32\CNMLMAT.DLL

2013-04-21 20:11 . 2011-03-31 14:07 302080 ----a-w- c:\windows\system32\CNC_ATC.dll

2013-04-21 20:11 . 2011-03-31 14:06 112128 ----a-w- c:\windows\system32\CNC_ATI.dll

2013-04-21 20:11 . 2011-03-30 16:55 373248 ----a-w- c:\windows\system32\CNC_ATL.dll

2013-04-21 20:11 . 2008-08-25 22:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll

2013-04-21 17:40 . 2013-04-21 17:40 -------- d-----w- c:\program files\FileBot

2013-04-16 10:40 . 2013-04-16 21:20 -------- d-----w- c:\windows\system32\drivers\NISx64\1403010.016

2013-04-14 17:34 . 2013-04-14 17:34 -------- d-----w- c:\users\Tyler\AppData\Local\Intuit

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-11 00:49 . 2012-05-04 02:46 2485856 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2013-04-11 00:44 . 2011-06-12 01:32 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-04 18:50 . 2011-06-01 04:33 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-29 23:01 . 2012-04-07 16:01 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-29 23:01 . 2011-06-12 01:23 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-28 16:12 . 2013-03-28 16:12 1605760 ----a-w- c:\windows\system32\drivers\hcw89.sys

2013-03-28 16:12 . 2013-03-28 16:12 147456 ----a-w- c:\windows\system32\hcwECPPP.ax

2013-03-28 16:12 . 2013-03-28 16:12 128512 ----a-w- c:\windows\system32\HcwPrx89.ax

2013-03-28 16:12 . 2013-03-28 16:12 110592 ----a-w- c:\windows\system32\hcwCP.ax

2013-03-19 06:04 . 2013-04-10 22:27 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 22:27 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 22:27 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 22:27 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 22:27 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 22:27 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-05 23:11 . 2013-03-05 23:11 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-05 23:11 . 2012-10-26 14:58 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-05 23:11 . 2012-01-21 21:14 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-01 03:36 . 2013-04-10 22:27 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-28 02:02 . 2013-02-28 02:02 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2013-02-28 01:16 . 2011-06-01 03:32 564824 ----a-w- c:\windows\system32\drivers\sptd.sys

2013-02-26 04:32 . 2013-02-26 04:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-26 04:32 . 2012-10-11 01:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-02-26 04:32 . 2012-04-16 21:55 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-02-26 04:32 . 2013-02-26 04:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-02-26 04:32 . 2012-04-16 21:55 2826040 ----a-w- c:\windows\system32\nvapi64.dll

2013-02-26 04:32 . 2012-07-13 14:11 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-02-26 04:32 . 2012-04-16 21:55 1814304 ----a-w- c:\windows\system32\nvdispco64.dll

2013-02-26 04:32 . 2012-04-16 21:55 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-02-26 04:32 . 2013-02-26 04:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-02-26 04:32 . 2013-02-26 04:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-02-26 04:32 . 2013-02-26 04:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll

2013-02-26 04:32 . 2013-02-26 04:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-02-26 04:32 . 2013-02-26 04:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-26 04:32 . 2013-02-26 04:32 245872 ----a-w- c:\windows\system32\nvinitx.dll

2013-02-26 04:32 . 2013-02-26 04:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-26 04:32 . 2012-10-11 01:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll

2013-02-26 04:32 . 2013-02-26 04:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll

2013-02-26 04:32 . 2013-02-26 04:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-02-26 04:32 . 2012-04-16 21:55 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-02-26 04:32 . 2013-02-26 04:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-02-26 04:32 . 2013-02-26 04:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-26 04:32 . 2013-02-26 04:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-02-26 04:32 . 2013-02-26 04:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-02-26 04:32 . 2013-02-26 04:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-26 04:32 . 2013-02-26 04:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-02-22 06:57 . 2013-04-11 00:44 17817088 ----a-w- c:\windows\system32\mshtml.dll

2013-02-22 06:29 . 2013-04-11 00:44 10925568 ----a-w- c:\windows\system32\ieframe.dll

2013-02-22 06:27 . 2013-04-11 00:44 2312704 ----a-w- c:\windows\system32\jscript9.dll

2013-02-22 06:21 . 2013-04-11 00:44 1346560 ----a-w- c:\windows\system32\urlmon.dll

2013-02-22 06:20 . 2013-04-11 00:44 1392128 ----a-w- c:\windows\system32\wininet.dll

2013-02-22 06:19 . 2013-04-11 00:44 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-22 06:18 . 2013-04-11 00:44 237056 ----a-w- c:\windows\system32\url.dll

2013-02-22 06:17 . 2013-04-11 00:44 85504 ----a-w- c:\windows\system32\jsproxy.dll

2013-02-22 06:15 . 2013-04-11 00:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-22 06:15 . 2013-04-11 00:44 599040 ----a-w- c:\windows\system32\vbscript.dll

2013-02-22 06:15 . 2013-04-11 00:44 816640 ----a-w- c:\windows\system32\jscript.dll

2013-02-22 06:14 . 2013-04-11 00:44 729088 ----a-w- c:\windows\system32\msfeeds.dll

2013-02-22 06:13 . 2013-04-11 00:44 2147840 ----a-w- c:\windows\system32\iertutil.dll

2013-02-22 06:13 . 2013-04-11 00:44 96768 ----a-w- c:\windows\system32\mshtmled.dll

2013-02-22 06:12 . 2013-04-11 00:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-22 06:09 . 2013-04-11 00:44 248320 ----a-w- c:\windows\system32\ieui.dll

2013-02-22 03:46 . 2013-04-11 00:44 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-02-22 03:38 . 2013-04-11 00:44 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2013-02-22 03:37 . 2013-04-11 00:44 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-02-22 03:34 . 2013-04-11 00:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-02-22 03:34 . 2013-04-11 00:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-02-22 03:31 . 2013-04-11 00:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-02-18 13:22 . 2013-02-18 13:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll

2013-02-18 13:22 . 2012-04-16 21:55 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2013-02-18 13:22 . 2013-02-18 13:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2013-02-15 06:08 . 2013-04-10 22:27 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-02-15 06:06 . 2013-04-10 22:27 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-02-15 06:02 . 2013-04-10 22:27 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-02-15 04:37 . 2013-04-10 22:27 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-02-15 04:34 . 2013-04-10 22:27 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-02-15 03:25 . 2013-04-10 22:27 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-02-12 05:45 . 2013-03-13 22:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 22:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 22:15 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 22:15 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 22:15 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 22:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-24 21:00 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-07-19 08:09 195872 ----a-w- c:\program files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-28 5629312]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-09-15 3425688]

"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-11-23 5542168]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"Macro Manager"="c:\program files (x86)\GrassSoft\Mouse Recorder\MacroManager.exe" [2009-03-13 2469376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]

.

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 MySQL55;MySQL55;i:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=i:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]

R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [2007-12-03 24064]

R3 VSPerfDrv100;Performance Tools Driver 10.0;i:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-12 1255736]

R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-07-11 20336]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

R4 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 69376]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [2013-01-22 493656]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-06-01 1263200]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-04-12 1390680]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys [2012-11-16 168096]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-28 283200]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130510.001\IDSvia64.sys [2012-11-03 513184]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS [2012-11-16 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [2013-01-31 432800]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-12-28 140672]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-01 3246040]

S2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2012-11-03 80504]

S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]

S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]

S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]

S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-07-06 41600]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2012-11-03 112224]

S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]

S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-06-01 285280]

S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2011-03-02 63872]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-20 138912]

S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [2013-03-28 1605760]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 23:01]

.

2013-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352576983-2296217787-3144300893-1000Core.job

- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 20:12]

.

2013-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352576983-2296217787-3144300893-1000UA.job

- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 20:12]

.

2013-05-12 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job

- c:\program files (x86)\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe [2011-09-27 20:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-11-23 390728]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{130C5540-4FCB-43F9-B37B-249E1F0A3967}: NameServer = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\rhojk9s5.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-qcgce2mrvjq91kk1e7pnbb19m52fx - c:\users\Tyler\Documents\4e4e5ca6.exe

HKLM-Run-Launchpad - c:\program files (x86)\Windows Server\Bin\Launchpad.exe

AddRemove-{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1 - f:\program files (x86)\Phyxion.net\Driver Sweeper\unins000.exe

AddRemove-FileBot - c:\windows\system32\javaws.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL55]

"ImagePath"="\"i:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"i:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2352576983-2296217787-3144300893-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*©È

Link to post
Share on other sites

How is your computer running now? Please do this next:

icon11.gif Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

icon11.gif Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:

  • AdwCleaner log
  • ESET log
  • How is the computer running now?

Link to post
Share on other sites

It appears to be running as well as it was before being infected with the moneypak virus.... but the ESET online scanner also found a number of suspicious files so maybe it wasn't all that great to begin with.

Here are the log files :

# AdwCleaner v2.300 - Logfile created 05/12/2013 at 16:52:14

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Tyler - TYLER-PC

# Boot Mode : Normal

# Running from : F:\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\rhojk9s5.default\prefs.js

C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\rhojk9s5.default\user.js ... Deleted !

Deleted : user_pref("extentions.y2layers.installId", "f533914a-3d46-4dc8-bd6b-21139e2cc2f8");

Deleted : user_pref("extentions.y2layers.lastDnsTest", 368777);

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.51.1087.0

File : C:\Users\Tyler\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2699 octets] - [12/05/2013 16:52:14]

########## EOF - C:\AdwCleaner[s1].txt - [2759 octets] ##########

C:\FRST\Quarantine\4e4e5ca6.exe Win32/TrojanDownloader.Moure.I trojan

C:\MGtools\Process.exe Win32/PrcView application

C:\Program Files (x86)\The KMPlayer\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application

C:\Program Files (x86)\The KMPlayer\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application

C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4672074f-4fbdcaba-temp multiple threats

G:\xbox 360 hack tools\JungleFlasher v0.1.66 Beta\PortIO32_Installer_v5\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan

I:\Backup from Old Desktop\Downloads\Compressed\maphack\EasyLoad.exe a variant of Win32/HackTool.Inject.H application

I:\Backup from Old Desktop\Downloads\Programs\unlocker1.9.0-x64.exe Win32/Adware.ADON application

I:\Diablo 2\EPLite_v100_Final_D2v112\EasyLoad.exe a variant of Win32/HackTool.Inject.H application

I:\Downloads\Programs\cbsidlm-tr1_11-Daemon_Tools_Lite-SEO-10778842.exe Win32/DownloadAdmin.G application

I:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application

I:\Installers and Drivers\defragsetup.exe a variant of Win32/Toolbar.Widgi application

I:\Installers and Drivers\kmp.exe a variant of Win32/Bundled.Toolbar.Ask application

I:\MegaUpload\Sonic The Hedgehog\Sonic and Knuckles.exe probably a variant of Win32/Agent.JFXRDWO trojan

I:\MegaUpload\Sonic The Hedgehog\Sonic Spinball.exe probably a variant of Win32/Agent.JFXRDWO trojan

I:\MegaUpload\Sonic The Hedgehog\Sonic the Hedgehog 1.exe probably a variant of Win32/Agent.JFXRDWO trojan

I:\MegaUpload\Sonic The Hedgehog\Sonic the Hedgehog 2.exe probably a variant of Win32/Agent.JFXRDWO trojan

I:\MegaUpload\Sonic The Hedgehog\Sonic the Hedgehog 3.exe probably a variant of Win32/Agent.JFXRDWO trojan

I:\Program Files\Diablo II\EasyLoad.exe a variant of Win32/HackTool.Inject.H application

I:\Program Files\Diablo II - Copy\EasyLoad.exe a variant of Win32/HackTool.Inject.H application

I:\Program Files\Diablo II Modded\EasyLoad.exe a variant of Win32/HackTool.Inject.H application

I:\Program Files\Diablo II My Mod\EasyLoad.exe a variant of Win32/HackTool.Inject.H application

Link to post
Share on other sites

Please do this next:

icon11.gif Open Notepad Go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

ClearJavaCache::
File::
G:\xbox 360 hack tools\JungleFlasher v0.1.66 Beta\PortIO32_Installer_v5\PortIO32.exe
I:\MegaUpload\Sonic The Hedgehog\Sonic and Knuckles.exe
I:\MegaUpload\Sonic The Hedgehog\Sonic Spinball.exe
I:\MegaUpload\Sonic The Hedgehog\Sonic the Hedgehog 1.exe
I:\MegaUpload\Sonic The Hedgehog\Sonic the Hedgehog 2.exe
I:\MegaUpload\Sonic The Hedgehog\Sonic the Hedgehog 3.exe
Folder::
C:\MGtools

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:

  • ComboFix log

Link to post
Share on other sites

Done... my responses are a little slower now that the weekend is over and I'm back to the work grind. Thanks again for all your help so far. I really appreciate it.

ComboFix 13-05-13.01 - Tyler 05/13/2013 18:22:02.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4091.1903 [GMT -4:00]

Running from: c:\users\Tyler\Desktop\ComboFix.exe

Command switches used :: c:\users\Tyler\Desktop\CFScript.txt

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"g:\xbox 360 hack tools\JungleFlasher v0.1.66 Beta\PortIO32_Installer_v5\PortIO32.exe"

"i:\megaupload\Sonic The Hedgehog\Sonic and Knuckles.exe"

"i:\megaupload\Sonic The Hedgehog\Sonic Spinball.exe"

"i:\megaupload\Sonic The Hedgehog\Sonic the Hedgehog 1.exe"

"i:\megaupload\Sonic The Hedgehog\Sonic the Hedgehog 2.exe"

"i:\megaupload\Sonic The Hedgehog\Sonic the Hedgehog 3.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\MGtools

c:\mgtools\analyse.exe

c:\mgtools\BamFix.bat

c:\mgtools\bamRCfix.txt

c:\mgtools\chodefix.bat

c:\mgtools\config.reg

c:\mgtools\DisableUAC.reg

c:\mgtools\download.exe

c:\mgtools\EnableUAC.reg

c:\mgtools\ffdata.txt

c:\mgtools\filelog.txt

c:\mgtools\FindOVL.bat

c:\mgtools\FindRN.bat

c:\mgtools\FixACLS.bat

c:\mgtools\FixAttr.bat

c:\mgtools\FixBagle.bat

c:\mgtools\fixBagle.reg

c:\mgtools\FixbamRC.bat

c:\mgtools\FixCF.bat

c:\mgtools\fixCF.reg

c:\mgtools\fixChode.reg

c:\mgtools\FixFA.bat

c:\mgtools\fixFA.reg

c:\mgtools\FixPerm.bat

c:\mgtools\FixSBM.bat

c:\mgtools\fixSBM.reg

c:\mgtools\GetDetails.exe

c:\mgtools\GetLogs.Bat

c:\mgtools\GetMBR.bat

c:\mgtools\GetRunKey.bat

c:\mgtools\GetUnKey.txt

c:\mgtools\GetUnKeys.bat

c:\mgtools\grep.exe

c:\mgtools\GRK64.bat

c:\mgtools\hide.reg

c:\mgtools\hijackthis.log

c:\mgtools\history.txt

c:\mgtools\HTAfind.bat

c:\mgtools\IEFIX.reg

c:\mgtools\locate.com

c:\mgtools\ltime.exe

c:\mgtools\mbrfix.bat

c:\mgtools\MGclean.bat

c:\mgtools\MiscInfo.bat

c:\mgtools\miscinfo.txt

c:\mgtools\newfiles.txt

c:\mgtools\NwkTst.bat

c:\mgtools\nwktst.txt

c:\mgtools\procdll.txt

c:\mgtools\Process.exe

c:\mgtools\ProcessDll.exe

c:\mgtools\Regfix.bat

c:\mgtools\RemMWS.bat

c:\mgtools\RunMB.bat

c:\mgtools\scantime.txt

c:\mgtools\sed.exe

c:\mgtools\ShowNew.bat

c:\mgtools\SN64.bat

c:\mgtools\swreg.exe

c:\mgtools\swwhoami.exe

c:\mgtools\SysBU.bat

c:\mgtools\sysinfo.txt

c:\mgtools\sysrest.txt

c:\mgtools\temp\GRKflag.log

c:\mgtools\temp\header0.txt

c:\mgtools\temp\junk.txt

c:\mgtools\temp\VSP1\beep.sysmg

c:\mgtools\temp\VSP1\cngaudit.dllmg

c:\mgtools\temp\VSP1\netlogon.dllmg

c:\mgtools\temp\VSP1\scecli.dllmg

c:\mgtools\temp\XPSP2\beep.sysmg

c:\mgtools\temp\XPSP2\eventlog.dllmg

c:\mgtools\temp\XPSP2\netlogon.dllmg

c:\mgtools\temp\XPSP2\scecli.dllmg

c:\mgtools\temp\XPSP3\beep.sysmg

c:\mgtools\temp\XPSP3\eventlog.dllmg

c:\mgtools\temp\XPSP3\netlogon.dllmg

c:\mgtools\temp\XPSP3\scecli.dllmg

c:\mgtools\temp\xrkey01.txt

c:\mgtools\unhide.reg

c:\mgtools\UnKeys.bat

c:\mgtools\UserInfo.bat

c:\mgtools\UserInfo.txt

c:\mgtools\vfind.exe

c:\mgtools\VunFind.bat

c:\mgtools\winfiles.txt

c:\mgtools\zia03880

c:\mgtools\zip.exe

g:\xbox 360 hack tools\JungleFlasher v0.1.66 Beta\PortIO32_Installer_v5\PortIO32.exe

i:\megaupload\Sonic The Hedgehog\Sonic and Knuckles.exe

i:\megaupload\Sonic The Hedgehog\Sonic Spinball.exe

i:\megaupload\Sonic The Hedgehog\Sonic the Hedgehog 1.exe

i:\megaupload\Sonic The Hedgehog\Sonic the Hedgehog 2.exe

i:\megaupload\Sonic The Hedgehog\Sonic the Hedgehog 3.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-04-13 to 2013-05-13 )))))))))))))))))))))))))))))))

.

.

2013-05-13 22:27 . 2013-05-13 22:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-05-13 22:27 . 2013-05-13 22:27 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-05-13 22:27 . 2013-05-13 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-12 20:57 . 2013-05-12 20:57 -------- d-----w- c:\program files (x86)\ESET

2013-05-12 18:41 . 2013-05-12 18:41 -------- d-----w- C:\FRST

2013-04-23 21:21 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-21 20:28 . 2013-04-21 20:28 -------- d-----w- c:\programdata\Canon IJ Network Tool

2013-04-21 20:28 . 2013-04-21 20:28 -------- d-----w- c:\program files (x86)\Canon

2013-04-21 20:28 . 2011-03-31 14:07 114688 ----a-w- c:\windows\SysWow64\CNC_ATU.dll

2013-04-21 20:28 . 2011-03-30 16:54 323584 ----a-w- c:\windows\SysWow64\CNC_ATL.dll

2013-04-21 20:28 . 2008-08-25 22:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll

2013-04-21 20:12 . 2013-04-21 20:12 -------- d-----w- c:\windows\system32\STRING

2013-04-21 20:12 . 2012-06-14 21:18 39424 ----a-w- c:\windows\system32\CNMN6UI.DLL

2013-04-21 20:12 . 2012-06-14 21:18 359936 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2013-04-21 20:12 . 2012-06-14 21:18 366592 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL

2013-04-21 20:11 . 2012-03-14 09:00 385024 ----a-w- c:\windows\system32\CNMXLMAT.DLL

2013-04-21 20:11 . 2013-04-21 20:11 -------- d--h--w- c:\program files\CanonBJ

2013-04-21 20:11 . 2013-04-21 20:11 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2013-04-21 20:11 . 2012-03-14 09:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPAT.DLL

2013-04-21 20:11 . 2012-03-14 09:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDAT.DLL

2013-04-21 20:11 . 2012-03-14 09:00 385024 ----a-w- c:\windows\system32\CNMLMAT.DLL

2013-04-21 20:11 . 2011-03-31 14:07 302080 ----a-w- c:\windows\system32\CNC_ATC.dll

2013-04-21 20:11 . 2011-03-31 14:06 112128 ----a-w- c:\windows\system32\CNC_ATI.dll

2013-04-21 20:11 . 2011-03-30 16:55 373248 ----a-w- c:\windows\system32\CNC_ATL.dll

2013-04-21 20:11 . 2008-08-25 22:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll

2013-04-21 17:40 . 2013-04-21 17:40 -------- d-----w- c:\program files\FileBot

2013-04-16 10:40 . 2013-04-16 21:20 -------- d-----w- c:\windows\system32\drivers\NISx64\1403010.016

2013-04-14 17:34 . 2013-04-14 17:34 -------- d-----w- c:\users\Tyler\AppData\Local\Intuit

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-11 00:49 . 2012-05-04 02:46 2485856 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2013-04-11 00:44 . 2011-06-12 01:32 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-04 18:50 . 2011-06-01 04:33 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-29 23:01 . 2012-04-07 16:01 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-29 23:01 . 2011-06-12 01:23 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-28 16:12 . 2013-03-28 16:12 1605760 ----a-w- c:\windows\system32\drivers\hcw89.sys

2013-03-28 16:12 . 2013-03-28 16:12 147456 ----a-w- c:\windows\system32\hcwECPPP.ax

2013-03-28 16:12 . 2013-03-28 16:12 128512 ----a-w- c:\windows\system32\HcwPrx89.ax

2013-03-28 16:12 . 2013-03-28 16:12 110592 ----a-w- c:\windows\system32\hcwCP.ax

2013-03-19 06:04 . 2013-04-10 22:27 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 22:27 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 22:27 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 22:27 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 22:27 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 22:27 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-05 23:11 . 2013-03-05 23:11 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-05 23:11 . 2012-10-26 14:58 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-05 23:11 . 2012-01-21 21:14 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-01 03:36 . 2013-04-10 22:27 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-28 02:02 . 2013-02-28 02:02 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2013-02-28 01:16 . 2011-06-01 03:32 564824 ----a-w- c:\windows\system32\drivers\sptd.sys

2013-02-26 04:32 . 2013-02-26 04:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-26 04:32 . 2012-10-11 01:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-02-26 04:32 . 2012-04-16 21:55 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-02-26 04:32 . 2013-02-26 04:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-02-26 04:32 . 2012-04-16 21:55 2826040 ----a-w- c:\windows\system32\nvapi64.dll

2013-02-26 04:32 . 2012-07-13 14:11 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-02-26 04:32 . 2012-04-16 21:55 1814304 ----a-w- c:\windows\system32\nvdispco64.dll

2013-02-26 04:32 . 2012-04-16 21:55 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-02-26 04:32 . 2013-02-26 04:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-02-26 04:32 . 2013-02-26 04:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-02-26 04:32 . 2013-02-26 04:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll

2013-02-26 04:32 . 2013-02-26 04:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-02-26 04:32 . 2013-02-26 04:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-26 04:32 . 2013-02-26 04:32 245872 ----a-w- c:\windows\system32\nvinitx.dll

2013-02-26 04:32 . 2013-02-26 04:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-26 04:32 . 2012-10-11 01:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll

2013-02-26 04:32 . 2013-02-26 04:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll

2013-02-26 04:32 . 2013-02-26 04:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-02-26 04:32 . 2012-04-16 21:55 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-02-26 04:32 . 2013-02-26 04:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-02-26 04:32 . 2013-02-26 04:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-26 04:32 . 2013-02-26 04:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-02-26 04:32 . 2013-02-26 04:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-02-26 04:32 . 2013-02-26 04:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-26 04:32 . 2013-02-26 04:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-02-22 06:57 . 2013-04-11 00:44 17817088 ----a-w- c:\windows\system32\mshtml.dll

2013-02-22 06:29 . 2013-04-11 00:44 10925568 ----a-w- c:\windows\system32\ieframe.dll

2013-02-22 06:27 . 2013-04-11 00:44 2312704 ----a-w- c:\windows\system32\jscript9.dll

2013-02-22 06:21 . 2013-04-11 00:44 1346560 ----a-w- c:\windows\system32\urlmon.dll

2013-02-22 06:20 . 2013-04-11 00:44 1392128 ----a-w- c:\windows\system32\wininet.dll

2013-02-22 06:19 . 2013-04-11 00:44 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-22 06:18 . 2013-04-11 00:44 237056 ----a-w- c:\windows\system32\url.dll

2013-02-22 06:17 . 2013-04-11 00:44 85504 ----a-w- c:\windows\system32\jsproxy.dll

2013-02-22 06:15 . 2013-04-11 00:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-22 06:15 . 2013-04-11 00:44 599040 ----a-w- c:\windows\system32\vbscript.dll

2013-02-22 06:15 . 2013-04-11 00:44 816640 ----a-w- c:\windows\system32\jscript.dll

2013-02-22 06:14 . 2013-04-11 00:44 729088 ----a-w- c:\windows\system32\msfeeds.dll

2013-02-22 06:13 . 2013-04-11 00:44 2147840 ----a-w- c:\windows\system32\iertutil.dll

2013-02-22 06:13 . 2013-04-11 00:44 96768 ----a-w- c:\windows\system32\mshtmled.dll

2013-02-22 06:12 . 2013-04-11 00:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-22 06:09 . 2013-04-11 00:44 248320 ----a-w- c:\windows\system32\ieui.dll

2013-02-22 03:46 . 2013-04-11 00:44 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-02-22 03:38 . 2013-04-11 00:44 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2013-02-22 03:37 . 2013-04-11 00:44 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-02-22 03:34 . 2013-04-11 00:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-02-22 03:34 . 2013-04-11 00:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-02-22 03:31 . 2013-04-11 00:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-02-18 13:22 . 2013-02-18 13:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll

2013-02-18 13:22 . 2012-04-16 21:55 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2013-02-18 13:22 . 2013-02-18 13:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2013-02-15 06:08 . 2013-04-10 22:27 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-02-15 06:06 . 2013-04-10 22:27 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-02-15 06:02 . 2013-04-10 22:27 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-02-15 04:37 . 2013-04-10 22:27 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-02-15 04:34 . 2013-04-10 22:27 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-02-15 03:25 . 2013-04-10 22:27 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-28 5629312]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-09-15 3425688]

"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-11-23 5542168]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"Macro Manager"="c:\program files (x86)\GrassSoft\Mouse Recorder\MacroManager.exe" [2009-03-13 2469376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]

.

c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Tyler\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 MySQL55;MySQL55;i:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=i:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]

R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [2007-12-03 24064]

R3 VSPerfDrv100;Performance Tools Driver 10.0;i:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-12 1255736]

R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-07-11 20336]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

R4 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 69376]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [2013-01-22 493656]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-06-01 1263200]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-04-12 1390680]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys [2012-11-16 168096]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-28 283200]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130510.001\IDSvia64.sys [2012-11-03 513184]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS [2012-11-16 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [2013-01-31 432800]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-12-28 140672]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-01 3246040]

S2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2012-11-03 80504]

S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]

S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]

S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]

S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-07-06 41600]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2012-11-03 112224]

S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]

S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-06-01 285280]

S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2011-03-02 63872]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-20 138912]

S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [2013-03-28 1605760]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 23:01]

.

2013-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352576983-2296217787-3144300893-1000Core.job

- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 20:12]

.

2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352576983-2296217787-3144300893-1000UA.job

- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 20:12]

.

2013-05-13 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job

- c:\program files (x86)\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe [2011-09-27 20:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Tyler\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-11-23 390728]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"Launchpad"="c:\program files (x86)\Windows Server\Bin\Launchpad.exe" [bU]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{130C5540-4FCB-43F9-B37B-249E1F0A3967}: NameServer = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\rhojk9s5.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1 - f:\program files (x86)\Phyxion.net\Driver Sweeper\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL55]

"ImagePath"="\"i:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"i:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2352576983-2296217787-3144300893-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*©ÈP]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-2352576983-2296217787-3144300893-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*©ÈP\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2352576983-2296217787-3144300893-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):26,52,49,73,e1,55,5a,c0,a8,27,03,e0,cd,e8,72,ae,91,75,57,d1,f7,

21,53,5b,5e,42,0e,42,d2,2f,59,ed,67,fc,ca,58,f4,9f,31,dc,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2352576983-2296217787-3144300893-1000_Classes\Wow6432Node\CLSID\{c37c9da5-fd86-4522-b755-5961396939cf}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000010d

"Therad"=dword:0000001b

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-13 18:29:32

ComboFix-quarantined-files.txt 2013-05-13 22:29

ComboFix2.txt 2011-06-01 07:08

.

Pre-Run: 17,246,195,712 bytes free

Post-Run: 17,036,316,672 bytes free

.

- - End Of File - - C5E0A60991B9178066034710D4F2E1E8

Link to post
Share on other sites

Your logs are looking good! All I have left for you is some important cleanup:

icon11.gif Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

icon11.gif Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall

Combofix_uninstall_image.jpg

icon11.gif Delete the following tools along with any other logs you saved from our work:

  • FRST and the c:\FRST folder
  • AdwCleaner

icon11.gif Download TFC to your desktop


  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

icon11.gif Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.