ElGuapo Posted July 9, 2013 ID:700480 Share Posted July 9, 2013 IE will randomly redirect with a popup using the following link: http://redirect.cpvrdr.com/ Malwarebytes cannot find it. After looking at the DDS and ATTACH it seems as though it is this "GorillaPrice". However I do not know how to remove it. DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.5.1Run by Ben at 21:34:51 on 2013-07-08Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5354 [GMT -4:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exeE:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exeC:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exeC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Windows\system32\svchost.exe -k imgsvcC:\ProgramData\GorillaPrice\WatGorp.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Eraser\Eraser.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exeC:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exeC:\Users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exeE:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exeC:\Users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeE:\Program Files\iTunesHelper.exeC:\Program Files (x86)\GorillaPrice\GorillaPrice.exeC:\Program Files (x86)\Real\RealPlayer\Update\realsched.exeE:\Program Files\NETGEAR Genie\bin\genie_tray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\splwow64.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\wuauclt.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\System32\MsSpellCheckingFacility.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uSearch Bar = PreservemWinlogon: Userinit = userinit.exe,BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllBHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dllTB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dlluRun: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [NETGEARGenie] "E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirectuRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"uRun: [Facebook Update] "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserveruRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exeuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunmRun: [biosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exemRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "E:\Program Files\iTunesHelper.exe"mRun: [GorillaPrice] "C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe"mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osbootStartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERIZO~1.LNK - C:\Users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 192.168.1.1TCP: Interfaces\{863DC378-8B36-450B-96A2-BE39757C7D16} : DHCPNameServer = 192.168.1.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllSSODL: WebCheck - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestartx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\FF - prefs.js: browser.startup.homepage - www.google.comFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dllFF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllFF - plugin: C:\Users\Ben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dllFF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dllFF - plugin: C:\Users\Ben\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - plugin: E:\Program Files\Mozilla Plugins\npitunes.dllFF - ExtSQL: 2013-07-07 00:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext.---- FIREFOX POLICIES ----FF - user.js: extensions.delta.tlbrSrchUrl -FF - user.js: extensions.delta.id - 42b9645d000000000000003067bf2200FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}FF - user.js: extensions.delta.instlDay - 15870FF - user.js: extensions.delta.vrsn - 1.8.21.5FF - user.js: extensions.delta.vrsni - 1.8.21.5FF - user.js: extensions.delta.vrsnTs - 1.8.21.50:15:56FF - user.js: extensions.delta.prtnrId - deltaFF - user.js: extensions.delta.prdct - deltaFF - user.js: extensions.delta.aflt - babsstFF - user.js: extensions.delta.smplGrp - noneFF - user.js: extensions.delta.tlbrId - baseFF - user.js: extensions.delta.instlRef - sstFF - user.js: extensions.delta.dfltLng - enFF - user.js: extensions.delta.excTlbr - falseFF - user.js: extensions.delta.ffxUnstlRst - trueFF - user.js: extensions.delta.admin - falseFF - user.js: extensions.delta_i.babTrack - affID=119842FF - user.js: extensions.delta_i.babExt -FF - user.js: extensions.delta_i.srcExt - ssFF - user.js: extensions.delta.autoRvrt - falseFF - user.js: extensions.delta.rvrt - falseFF - user.js: extensions.delta.newTab - false..============= SERVICES / DRIVERS ===============.R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-6-10 14136]R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2c64.sys [2011-11-20 15408]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 203776]R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-17 116632]R2 NETGEARGenieDaemon;NETGEARGenieDaemon;E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-3-7 1370400]R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-9-13 65657]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]R2 WatGorp;WatGorp;C:\ProgramData\GorillaPrice\WatGorp.exe -service --> C:\ProgramData\GorillaPrice\WatGorp.exe -service [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-20 412776]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-30 49152]S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-11-20 20992]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-20 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-20 1255736].=============== Created Last 30 ================.2013-07-07 17:40:29 -------- d-----w- C:\Windows\System32\appmgmt2013-07-07 04:19:23 -------- d-----w- C:\Program Files (x86)\RealNetworks2013-07-07 04:19:22 -------- d-----w- C:\ProgramData\RealNetworks2013-07-07 04:19:18 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared2013-07-07 04:19:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-07-07 04:19:09 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-07-07 04:07:51 -------- d-----w- C:\Users\Ben\AppData\Local\Macromedia2013-07-07 01:25:02 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan2013-07-06 21:01:10 15584 ----a-w- C:\Users\Ben\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll2013-07-05 16:38:13 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76FE0F9A-3DCD-4C1F-A97F-24D3BFD0DEF7}\mpengine.dll2013-07-02 04:29:09 -------- d-----w- C:\ProgramData\Bohemia Interactive Studio2013-06-26 01:06:11 57344 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe2013-06-26 01:06:11 57344 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe2013-06-26 01:06:11 53248 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\ARPPRODUCTICON.exe2013-06-26 01:05:37 -------- d-----w- C:\Program Files\SAMSUNG2013-06-26 01:05:28 -------- d-----w- C:\ProgramData\Samsung2013-06-26 01:05:09 -------- d-----w- C:\Users\Ben\AppData\Roaming\VERIZON2013-06-14 04:16:15 -------- d-----w- C:\ProgramData\GorillaPrice2013-06-14 04:16:15 -------- d-----w- C:\Program Files (x86)\GorillaPrice2013-06-14 04:16:13 -------- d-----w- C:\ProgramData\WeCareReminder2013-06-14 04:16:02 -------- d-----w- C:\ProgramData\Tarma Installer2013-06-14 04:15:51 -------- d-----w- C:\ProgramData\Babylon2013-06-14 04:15:50 -------- d-----w- C:\Users\Ben\AppData\Roaming\Babylon2013-06-14 04:15:49 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager2013-06-12 05:53:54 751104 ----a-w- C:\Windows\System32\win32spl.dll.==================== Find3M ====================.2013-07-07 01:25:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-07 01:25:01 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-06-04 13:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys2013-06-04 13:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys.============= FINISH: 21:35:00.92 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 UltimateBoot Device: \Device\HarddiskVolume1Install Date: 11/20/2011 6:48:44 PMSystem Uptime: 7/8/2013 5:54:45 PM (4 hours ago).Motherboard: BIOSTAR Group | | A780L3GProcessor: AMD Phenom II X6 1035T Processor | CPU 1 | 2600/200mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 56 GiB total, 9.236 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 190 GiB total, 26.776 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP219: 7/7/2013 1:40:03 PM - Removed Play withSIX..==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.1)Amazon MP3 Downloader 1.0.17Apple Application SupportApple Mobile Device SupportApple Software UpdateARMA 2ARMA 2: Operation ArrowheadARMA 2: Operation Arrowhead BetaAssassin's Creed IIATI Catalyst Install ManagerATI Catalyst RegistrationBatman: Arkham Asylum GOTY EditionBattlEye for OA UninstallBattlEye UninstallBioShock InfiniteBiosNoticeBonjourBusiness Contact Manager for Outlook 2007 SP2CamStudio OSS Desktop RecorderCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center HydraVision FullCatalyst Control Center InstallProxyccc-core-staticccc-utility64CCC Help EnglishCCleanerDota 2DWGeditorEraser 6.0.9.2343Facebook Video Calling 1.2.0.287Google ChromeHalf-Life: SourceImTOO Video Converter UltimateiTunesJava Auto UpdaterJava 7 Update 5JavaFX 2.1.1Just Cause 2Left 4 Dead 2Malwarebytes Anti-Malware version 1.75.0.1300Metro 2033Microsoft .NET Framework 4 Client ProfileMicrosoft Games for Windows - LIVEMicrosoft Games for Windows - LIVE RedistributableMicrosoft Office 2003 Web ComponentsMicrosoft Office 2007 Primary Interop AssembliesMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Accounting 2007Microsoft Office Accounting ADP Payroll AddinMicrosoft Office Accounting Equifax AddinMicrosoft Office Accounting Fixed Asset ManagerMicrosoft Office Accounting PayPal AddinMicrosoft Office Excel MUI (English) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Small Business Connectivity ComponentsMicrosoft Office Word MUI (English) 2007Microsoft SQL Server 2005Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)Microsoft SQL Server Native ClientMicrosoft SQL Server Setup Support Files (English)Microsoft SQL Server VSS WriterMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219MotoCastMotorola Device ManagerMotorola Device Software UpdateMOTOROLA MEDIA LINKMotorola Mobile Drivers Installation 5.9.0Mozilla Firefox 22.0 (x86 en-US)Mozilla Maintenance ServiceMSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)NETGEAR GenieNVIDIA 3D Vision Controller Driver 306.97NVIDIA 3D Vision Driver 311.06NVIDIA Control Panel 311.06NVIDIA Graphics Driver 311.06NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.12.0604NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.11.3NVIDIA Update ComponentsPdf995PortalQuickTimeRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealUpgrade 1.1SAMSUNG USB Driver for Mobile PhonesSanDiskSecureAccess_Manager.exeSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687499) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760416) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit EditionSkype™ 6.5SteamThe Elder Scrolls V: SkyrimUbisoft Game LauncherUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596802) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Verizon Wireless Software Utility Application for Android - SamsungWindows Live ID Sign-in AssistantWinRAR 5.00 beta 5 (64-bit)Yahoo! BrowserPlus 2.9.8Yahoo! MessengerYahoo! Software UpdateYahoo! Toolbar.==== Event Viewer Messages From Past Week ========.7/8/2013 5:58:18 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).7/8/2013 5:58:18 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.7/8/2013 5:56:21 PM, Error: Service Control Manager [7022] - The NETGEARGenieDaemon service hung on starting.7/7/2013 12:06:09 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.7/6/2013 9:14:21 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.7/6/2013 9:14:21 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.7/4/2013 1:15:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR9.7/2/2013 4:27:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.7/2/2013 4:15:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3..==== End Of File =========================== Thank you. Link to post Share on other sites More sharing options...
Maniac Posted July 9, 2013 ID:700613 Share Posted July 9, 2013 Hello ElGuapo and ! My name is Maniac and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Step 1 Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 2 Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.Step 3Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately. In your next reply, post the following log files:Junkware Removal Tool logAdwCleaner logMalwarebytes' Anti-Malware loga new fresh DDS log Link to post Share on other sites More sharing options...
ElGuapo Posted July 9, 2013 Author ID:700809 Share Posted July 9, 2013 JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.0.2 (07.09.2013:1)OS: Windows 7 Ultimate x64Ran by Ben on Tue 07/09/2013 at 17:16:14.22~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{df84e609-c3a4-49cb-a160-61767daf8899}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{df84e609-c3a4-49cb-a160-61767daf8899}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistpluginSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolutionSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylonFailed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngrFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngrFailed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbarSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.capSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasmancsFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngrSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ~~~ Files ~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\babylon"Successfully deleted: [Folder] "C:\ProgramData\tarma installer"Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"Successfully deleted: [Folder] "C:\Users\Ben\AppData\Roaming\babylon" ~~~ FireFoxSuccessfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\user.jsSuccessfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\invalidprefs.jsSuccessfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\searchplugins\babylon.xmlSuccessfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\searchplugins\delta.xmlSuccessfully deleted the following from C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\prefs.jsuser_pref("extensions.delta.admin", false);user_pref("extensions.delta.aflt", "babsst");user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");user_pref("extensions.delta.autoRvrt", "false");user_pref("extensions.delta.dfltLng", "en");user_pref("extensions.delta.excTlbr", false);user_pref("extensions.delta.ffxUnstlRst", true);user_pref("extensions.delta.id", "42b9645d000000000000003067bf2200");user_pref("extensions.delta.instlDay", "15870");user_pref("extensions.delta.instlRef", "sst");user_pref("extensions.delta.newTab", false);user_pref("extensions.delta.prdct", "delta");user_pref("extensions.delta.prtnrId", "delta");user_pref("extensions.delta.rvrt", "false");user_pref("extensions.delta.smplGrp", "none");user_pref("extensions.delta.tlbrId", "base");user_pref("extensions.delta.tlbrSrchUrl", "");user_pref("extensions.delta.vrsn", "1.8.21.5");user_pref("extensions.delta.vrsnTs", "1.8.21.50:15:56");user_pref("extensions.delta.vrsni", "1.8.21.5");user_pref("extensions.delta_i.babExt", "");user_pref("extensions.delta_i.babTrack", "affID=119842");user_pref("extensions.delta_i.srcExt", "ss");user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\ ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 07/09/2013 at 17:19:39.65End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner: # AdwCleaner v2.304 - Logfile created 07/09/2013 at 17:27:20# Updated 03/07/2013 by Xplode# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)# User : Ben - BEN-PC# Boot Mode : Normal# Running from : C:\Users\Ben\Desktop\AdwCleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] ********** [Registry] *****Key Deleted : HKCU\Software\DataMngrKey Deleted : HKCU\Software\DataMngr_ToolbarKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}Key Deleted : HKLM\Software\DataMngrKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Wow6432Node\5f48cd0b238e915Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}Key Deleted : HKLM\SOFTWARE\Tarma InstallerValue Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16611[OK] Registry is clean.-\\ Mozilla Firefox v22.0 (en-US)File : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\prefs.jsDeleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]-\\ Google Chrome v27.0.1453.116File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences************************* MBAM: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.07.09.09Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16618Ben :: BEN-PC [administrator]7/9/2013 5:30:39 PMmbam-log-2013-07-09 (17-30-39).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 236767Time elapsed: 2 minute(s), 17 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) DDS: DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.5.1Run by Ben at 17:33:47 on 2013-07-09Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5541 [GMT -4:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exeE:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exeC:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exeC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Windows\system32\svchost.exe -k imgsvcC:\ProgramData\GorillaPrice\WatGorp.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Eraser\Eraser.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exeC:\Users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exeC:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exeC:\Program Files (x86)\Skype\Phone\Skype.exeE:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exeC:\Users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeE:\Program Files\iTunesHelper.exeC:\Program Files (x86)\GorillaPrice\GorillaPrice.exeC:\Program Files (x86)\Real\RealPlayer\Update\realsched.exeE:\Program Files\NETGEAR Genie\bin\genie_tray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\splwow64.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exeC:\Windows\system32\taskeng.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeC:\Windows\system32\SearchProtocolHost.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\sppsvc.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wuauclt.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uSearch Bar = PreservemWinlogon: Userinit = userinit.exe,BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllBHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dlluRun: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [NETGEARGenie] "E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirectuRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"uRun: [Facebook Update] "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserveruRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exeuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunmRun: [biosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exemRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "E:\Program Files\iTunesHelper.exe"mRun: [GorillaPrice] "C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe"mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osbootStartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERIZO~1.LNK - C:\Users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 192.168.1.1TCP: Interfaces\{863DC378-8B36-450B-96A2-BE39757C7D16} : DHCPNameServer = 192.168.1.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllSSODL: WebCheck - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestartx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\FF - prefs.js: browser.startup.homepage - www.google.comFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dllFF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllFF - plugin: C:\Users\Ben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dllFF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dllFF - plugin: C:\Users\Ben\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - plugin: E:\Program Files\Mozilla Plugins\npitunes.dllFF - ExtSQL: 2013-07-07 00:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext.============= SERVICES / DRIVERS ===============.R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-6-10 14136]R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2c64.sys [2011-11-20 15408]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 203776]R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-17 116632]R2 NETGEARGenieDaemon;NETGEARGenieDaemon;E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-3-7 1370400]R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-9-13 65657]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]R2 WatGorp;WatGorp;C:\ProgramData\GorillaPrice\WatGorp.exe -service --> C:\ProgramData\GorillaPrice\WatGorp.exe -service [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-20 412776]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-30 49152]S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-11-20 20992]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-20 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-20 1255736].=============== Created Last 30 ================.2013-07-09 21:16:13 -------- d-----w- C:\Windows\ERUNT2013-07-09 02:01:38 -------- d-----w- C:\Program Files (x86)\ESET2013-07-07 17:40:29 -------- d-----w- C:\Windows\System32\appmgmt2013-07-07 04:19:23 -------- d-----w- C:\Program Files (x86)\RealNetworks2013-07-07 04:19:22 -------- d-----w- C:\ProgramData\RealNetworks2013-07-07 04:19:18 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared2013-07-07 04:19:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-07-07 04:19:09 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-07-07 04:07:51 -------- d-----w- C:\Users\Ben\AppData\Local\Macromedia2013-07-07 01:25:02 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan2013-07-06 21:01:10 15584 ----a-w- C:\Users\Ben\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll2013-07-05 16:38:13 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76FE0F9A-3DCD-4C1F-A97F-24D3BFD0DEF7}\mpengine.dll2013-07-02 04:29:09 -------- d-----w- C:\ProgramData\Bohemia Interactive Studio2013-06-26 01:06:11 57344 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe2013-06-26 01:06:11 57344 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe2013-06-26 01:06:11 53248 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\ARPPRODUCTICON.exe2013-06-26 01:05:37 -------- d-----w- C:\Program Files\SAMSUNG2013-06-26 01:05:28 -------- d-----w- C:\ProgramData\Samsung2013-06-26 01:05:09 -------- d-----w- C:\Users\Ben\AppData\Roaming\VERIZON2013-06-14 04:16:15 -------- d-----w- C:\ProgramData\GorillaPrice2013-06-14 04:16:15 -------- d-----w- C:\Program Files (x86)\GorillaPrice2013-06-14 04:15:49 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager2013-06-12 05:53:54 751104 ----a-w- C:\Windows\System32\win32spl.dll.==================== Find3M ====================.2013-07-07 01:25:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-07 01:25:01 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-06-04 13:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys2013-06-04 13:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys.============= FINISH: 17:33:55.97 =============== Attach: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 UltimateBoot Device: \Device\HarddiskVolume1Install Date: 11/20/2011 6:48:44 PMSystem Uptime: 7/9/2013 5:28:09 PM (0 hours ago).Motherboard: BIOSTAR Group | | A780L3GProcessor: AMD Phenom II X6 1035T Processor | CPU 1 | 2600/200mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 56 GiB total, 9.017 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 190 GiB total, 26.777 GiB free.F: is FIXED (NTFS) - 298 GiB total, 189.755 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP219: 7/7/2013 1:40:03 PM - Removed Play withSIX..==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.1)Amazon MP3 Downloader 1.0.17Apple Application SupportApple Mobile Device SupportApple Software UpdateARMA 2ARMA 2: Operation ArrowheadARMA 2: Operation Arrowhead BetaAssassin's Creed IIATI Catalyst Install ManagerATI Catalyst RegistrationBatman: Arkham Asylum GOTY EditionBattlEye for OA UninstallBattlEye UninstallBioShock InfiniteBiosNoticeBonjourBusiness Contact Manager for Outlook 2007 SP2CamStudio OSS Desktop RecorderCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center HydraVision FullCatalyst Control Center InstallProxyccc-core-staticccc-utility64CCC Help EnglishCCleanerDota 2DWGeditorEraser 6.0.9.2343ESET Online Scanner v3Facebook Video Calling 1.2.0.287Google ChromeHalf-Life: SourceImTOO Video Converter UltimateiTunesJava Auto UpdaterJava 7 Update 5JavaFX 2.1.1Just Cause 2Left 4 Dead 2Malwarebytes Anti-Malware version 1.75.0.1300Metro 2033Microsoft .NET Framework 4 Client ProfileMicrosoft Games for Windows - LIVEMicrosoft Games for Windows - LIVE RedistributableMicrosoft Office 2003 Web ComponentsMicrosoft Office 2007 Primary Interop AssembliesMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Accounting 2007Microsoft Office Accounting ADP Payroll AddinMicrosoft Office Accounting Equifax AddinMicrosoft Office Accounting Fixed Asset ManagerMicrosoft Office Accounting PayPal AddinMicrosoft Office Excel MUI (English) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Small Business Connectivity ComponentsMicrosoft Office Word MUI (English) 2007Microsoft SQL Server 2005Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)Microsoft SQL Server Native ClientMicrosoft SQL Server Setup Support Files (English)Microsoft SQL Server VSS WriterMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219MotoCastMotorola Device ManagerMotorola Device Software UpdateMOTOROLA MEDIA LINKMotorola Mobile Drivers Installation 5.9.0Mozilla Firefox 22.0 (x86 en-US)Mozilla Maintenance ServiceMSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)NETGEAR GenieNVIDIA 3D Vision Controller Driver 306.97NVIDIA 3D Vision Driver 311.06NVIDIA Control Panel 311.06NVIDIA Graphics Driver 311.06NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.12.0604NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.11.3NVIDIA Update ComponentsPdf995PortalQuickTimeRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealUpgrade 1.1SAMSUNG USB Driver for Mobile PhonesSanDiskSecureAccess_Manager.exeSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687499) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760416) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit EditionSkype™ 6.5SteamThe Elder Scrolls V: SkyrimUbisoft Game LauncherUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596802) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Verizon Wireless Software Utility Application for Android - SamsungWindows Live ID Sign-in AssistantWinRAR 5.00 beta 5 (64-bit)Yahoo! BrowserPlus 2.9.8Yahoo! MessengerYahoo! Software UpdateYahoo! Toolbar.==== Event Viewer Messages From Past Week ========.7/9/2013 5:31:42 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).7/9/2013 5:31:42 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.7/9/2013 5:29:42 PM, Error: Service Control Manager [7022] - The NETGEARGenieDaemon service hung on starting..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted July 10, 2013 ID:701033 Share Posted July 10, 2013 Well done! How are things now? Link to post Share on other sites More sharing options...
ElGuapo Posted July 10, 2013 Author ID:701330 Share Posted July 10, 2013 The problem still persists and that "gorilla price" process is still running. Link to post Share on other sites More sharing options...
Maniac Posted July 11, 2013 ID:701534 Share Posted July 11, 2013 Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingc...to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please post the C:\ComboFix.txt in your next reply for further review. Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
ElGuapo Posted July 12, 2013 Author ID:701793 Share Posted July 12, 2013 ComboFix 13-07-11.03 - Ben 07/11/2013 20:42:43.1.6 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6498 [GMT -4:00]Running from: c:\users\Ben\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\SysWow64\Packet.dllc:\windows\SysWow64\wpcap.dll..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_NPF-------\Service_NPF..((((((((((((((((((((((((( Files Created from 2013-06-12 to 2013-07-12 )))))))))))))))))))))))))))))))..2013-07-11 00:41 . 2013-07-11 00:41 57344 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe2013-07-11 00:41 . 2013-07-11 00:41 57344 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe2013-07-11 00:41 . 2013-07-11 00:41 53248 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\ARPPRODUCTICON.exe2013-07-10 22:21 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE7EB16B-B959-4D9B-801D-EEEC2DAE4E3E}\mpengine.dll2013-07-09 21:16 . 2013-07-09 21:16 -------- d-----w- c:\windows\ERUNT2013-07-09 02:01 . 2013-07-09 02:01 -------- d-----w- c:\program files (x86)\ESET2013-07-07 17:40 . 2013-07-07 17:40 -------- d-----w- c:\windows\system32\appmgmt2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\program files (x86)\RealNetworks2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\programdata\RealNetworks2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\program files (x86)\Common Files\xing shared2013-07-07 04:19 . 2013-07-07 04:19 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll2013-07-07 04:19 . 2013-07-07 04:19 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll2013-07-07 04:07 . 2013-07-07 04:07 -------- d-----w- c:\users\Ben\AppData\Local\Macromedia2013-07-07 01:25 . 2013-07-07 02:15 -------- d-----w- c:\program files (x86)\McAfee Security Scan2013-07-02 04:29 . 2013-07-02 04:29 -------- d-----w- c:\programdata\Bohemia Interactive Studio2013-06-26 01:05 . 2013-06-26 01:05 -------- d-----w- c:\program files\SAMSUNG2013-06-26 01:05 . 2013-06-26 01:05 -------- d-----w- c:\programdata\Samsung2013-06-26 01:05 . 2013-07-11 00:41 -------- d-----w- c:\users\Ben\AppData\Roaming\VERIZON2013-06-14 04:16 . 2013-06-14 04:16 -------- d-----w- c:\programdata\GorillaPrice2013-06-14 04:16 . 2013-06-14 04:16 -------- d-----w- c:\program files (x86)\GorillaPrice2013-06-14 04:15 . 2013-06-14 04:16 -------- d-----w- c:\program files (x86)\OpenDownloaderManager...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-10 22:24 . 2011-11-21 00:11 78185248 ----a-w- c:\windows\system32\MRT.exe2013-07-07 01:25 . 2013-06-02 15:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-07-07 01:25 . 2011-11-26 19:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-06 21:04 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll2013-07-06 21:04 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-06-04 13:15 . 2013-06-04 13:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys2013-06-04 13:15 . 2013-06-04 13:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-05-02 06:06 . 2011-11-21 00:19 278800 ------w- c:\windows\system32\MpSigStub.exe2013-04-13 05:49 . 2013-05-14 22:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-14 22:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-14 22:14 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-14 22:14 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-14 22:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-14 22:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NETGEARGenie"="e:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-09-13 2051]"Facebook Update"="c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-12 138096]"SanDiskSecureAccess_Manager.exe"="c:\users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2013-01-19 30705792]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="e:\program files\iTunesHelper.exe" [2013-02-20 152392]"GorillaPrice"="c:\program files (x86)\GorillaPrice\GorillaPrice.exe" [2013-05-31 805376]"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-07-07 295512].c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exe [2013-7-4 868208].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys;c:\windows\SYSNATIVE\drivers\BS_I2c64.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]S2 NETGEARGenieDaemon;NETGEARGenieDaemon;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S2 WatGorp;WatGorp;c:\programdata\GorillaPrice\WatGorp.exe;c:\programdata\GorillaPrice\WatGorp.exe [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - NPF*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2013-06-14 c:\windows\Tasks\0.job- c:\program files\internet explorer\iexplore.exe [2013-07-11 02:28].2013-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000Core.job- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 01:01].2013-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000UA.job- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 01:01].2013-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000Core.job- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 02:20].2013-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000UA.job- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 02:20]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-06 11474024]"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\FF - prefs.js: browser.startup.homepage - www.google.comFF - ExtSQL: 2013-07-07 00:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext.- - - - ORPHANS REMOVED - - - -.HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startAddRemove-BattlEye for A2 - e:\program files\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exeAddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3100289139-1003875454-914839026-1000\Software\SecuROM\License information*]"datasecu"=hex:b8,32,6f,4f,dd,93,16,5c,84,95,32,f1,27,e5,db,89,e4,23,74,5d,2f, 6a,c6,8d,13,8b,3b,f7,b8,2d,21,2e,27,b8,48,52,e1,83,d6,15,61,67,bb,ca,1f,2d,\"rkeysecu"=hex:b8,bf,70,bc,a9,a1,f1,09,93,b5,82,2c,ec,a8,f2,47.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exec:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exec:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exec:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exec:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe.**************************************************************************.Completion time: 2013-07-11 20:49:37 - machine was rebootedComboFix-quarantined-files.txt 2013-07-12 00:49.Pre-Run: 9,922,547,712 bytes freePost-Run: 9,429,274,624 bytes free.- - End Of File - - CAA050772AD96DE7A14B80F16582E14AA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
ElGuapo Posted July 12, 2013 Author ID:701794 Share Posted July 12, 2013 Dang, redirect pop-ups are still occurring, gorilla price is still active as well. What is this why won't it die?! Link to post Share on other sites More sharing options...
Maniac Posted July 12, 2013 ID:701929 Share Posted July 12, 2013 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Driver:: WatGorp Folder:: c:\programdata\GorillaPrice c:\program files (x86)\GorillaPrice Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GorillaPrice"=- JavaClearCache:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
ElGuapo Posted July 12, 2013 Author ID:702147 Share Posted July 12, 2013 ComboFix 13-07-12.01 - Ben 07/12/2013 17:13:32.2.6 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6571 [GMT -4:00]Running from: c:\users\Ben\Desktop\ComboFix.exeCommand switches used :: c:\users\Ben\Desktop\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\GorillaPricec:\program files (x86)\GorillaPrice\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpic:\program files (x86)\GorillaPrice\GorillaPrice.exec:\program files (x86)\GorillaPrice\GPHelper.dllc:\program files (x86)\GorillaPrice\uninstall.exec:\programdata\GorillaPricec:\programdata\GorillaPrice\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpic:\programdata\GorillaPrice\GorillaPrice.exec:\programdata\GorillaPrice\GPHelper.dllc:\programdata\GorillaPrice\watgorp.exe..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_NPF-------\Service_NPF-------\Service_WatGorp..((((((((((((((((((((((((( Files Created from 2013-06-12 to 2013-07-12 )))))))))))))))))))))))))))))))..2013-07-12 21:16 . 2013-07-12 21:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-07-11 00:41 . 2013-07-11 00:41 57344 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe2013-07-11 00:41 . 2013-07-11 00:41 57344 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe2013-07-11 00:41 . 2013-07-11 00:41 53248 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\ARPPRODUCTICON.exe2013-07-10 22:21 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE7EB16B-B959-4D9B-801D-EEEC2DAE4E3E}\mpengine.dll2013-07-09 21:16 . 2013-07-09 21:16 -------- d-----w- c:\windows\ERUNT2013-07-09 02:01 . 2013-07-09 02:01 -------- d-----w- c:\program files (x86)\ESET2013-07-07 17:40 . 2013-07-07 17:40 -------- d-----w- c:\windows\system32\appmgmt2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\program files (x86)\RealNetworks2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\programdata\RealNetworks2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\program files (x86)\Common Files\xing shared2013-07-07 04:19 . 2013-07-07 04:19 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll2013-07-07 04:19 . 2013-07-07 04:19 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll2013-07-07 04:07 . 2013-07-07 04:07 -------- d-----w- c:\users\Ben\AppData\Local\Macromedia2013-07-07 01:25 . 2013-07-07 02:15 -------- d-----w- c:\program files (x86)\McAfee Security Scan2013-07-02 04:29 . 2013-07-02 04:29 -------- d-----w- c:\programdata\Bohemia Interactive Studio2013-06-26 01:05 . 2013-06-26 01:05 -------- d-----w- c:\program files\SAMSUNG2013-06-26 01:05 . 2013-06-26 01:05 -------- d-----w- c:\programdata\Samsung2013-06-26 01:05 . 2013-07-11 00:41 -------- d-----w- c:\users\Ben\AppData\Roaming\VERIZON2013-06-14 04:15 . 2013-06-14 04:16 -------- d-----w- c:\program files (x86)\OpenDownloaderManager...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-10 22:24 . 2011-11-21 00:11 78185248 ----a-w- c:\windows\system32\MRT.exe2013-07-07 01:25 . 2013-06-02 15:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-07-07 01:25 . 2011-11-26 19:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-06 21:04 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll2013-07-06 21:04 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-06-04 13:15 . 2013-06-04 13:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys2013-06-04 13:15 . 2013-06-04 13:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys2013-05-13 05:51 . 2013-06-12 05:53 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-05-13 05:51 . 2013-06-12 05:53 1464320 ----a-w- c:\windows\system32\crypt32.dll2013-05-13 05:51 . 2013-06-12 05:53 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-05-13 05:50 . 2013-06-12 05:53 52224 ----a-w- c:\windows\system32\certenc.dll2013-05-13 04:45 . 2013-06-12 05:53 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-05-13 04:45 . 2013-06-12 05:53 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll2013-05-13 04:45 . 2013-06-12 05:53 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-05-13 03:43 . 2013-06-12 05:53 1192448 ----a-w- c:\windows\system32\certutil.exe2013-05-13 03:08 . 2013-06-12 05:53 903168 ----a-w- c:\windows\SysWow64\certutil.exe2013-05-13 03:08 . 2013-06-12 05:53 43008 ----a-w- c:\windows\SysWow64\certenc.dll2013-05-10 05:49 . 2013-06-12 05:53 30720 ----a-w- c:\windows\system32\cryptdlg.dll2013-05-10 03:20 . 2013-06-12 05:53 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll2013-05-08 06:39 . 2013-06-12 05:53 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-05-02 06:06 . 2011-11-21 00:19 278800 ------w- c:\windows\system32\MpSigStub.exe2013-04-26 05:51 . 2013-06-12 05:53 751104 ----a-w- c:\windows\system32\win32spl.dll2013-04-26 04:55 . 2013-06-12 05:53 492544 ----a-w- c:\windows\SysWow64\win32spl.dll2013-04-25 23:30 . 2013-06-12 05:53 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll2013-04-17 07:02 . 2013-06-12 05:53 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll2013-04-17 06:24 . 2013-06-12 05:53 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NETGEARGenie"="e:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-09-13 2051]"Facebook Update"="c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-12 138096]"SanDiskSecureAccess_Manager.exe"="c:\users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2013-01-19 30705792]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="e:\program files\iTunesHelper.exe" [2013-02-20 152392]"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-07-07 295512].c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exe [2013-7-4 868208].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys;c:\windows\SYSNATIVE\drivers\BS_I2c64.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]S2 NETGEARGenieDaemon;NETGEARGenieDaemon;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - NPF.Contents of the 'Scheduled Tasks' folder.2013-06-14 c:\windows\Tasks\0.job- c:\program files\internet explorer\iexplore.exe [2013-07-11 02:28].2013-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000Core.job- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 01:01].2013-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000UA.job- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 01:01].2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000Core.job- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 02:20].2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000UA.job- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 02:20]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-06 11474024]"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\FF - prefs.js: browser.startup.homepage - www.google.comFF - ExtSQL: 2013-07-07 00:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext.- - - - ORPHANS REMOVED - - - -.AddRemove-BattlEye for A2 - e:\program files\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exeAddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3100289139-1003875454-914839026-1000\Software\SecuROM\License information*]"datasecu"=hex:b8,32,6f,4f,dd,93,16,5c,84,95,32,f1,27,e5,db,89,e4,23,74,5d,2f, 6a,c6,8d,13,8b,3b,f7,b8,2d,21,2e,27,b8,48,52,e1,83,d6,15,61,67,bb,ca,1f,2d,\"rkeysecu"=hex:b8,bf,70,bc,a9,a1,f1,09,93,b5,82,2c,ec,a8,f2,47.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exec:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exec:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exec:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exec:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe.**************************************************************************.Completion time: 2013-07-12 17:20:05 - machine was rebootedComboFix-quarantined-files.txt 2013-07-12 21:20ComboFix2.txt 2013-07-12 00:49.Pre-Run: 9,243,926,528 bytes freePost-Run: 9,283,391,488 bytes free.- - End Of File - - 43F9DD98871B4AD666FB4F823159434AA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Maniac Posted July 13, 2013 ID:702304 Share Posted July 13, 2013 Any progress now? Link to post Share on other sites More sharing options...
ElGuapo Posted July 13, 2013 Author ID:702342 Share Posted July 13, 2013 I haven't had any popups and I don't see that suspect process running. Unless you saw something in the report that looks dangerous, I think my problem has been solved. Thank you so much Maniac. Link to post Share on other sites More sharing options...
Maniac Posted July 13, 2013 ID:702368 Share Posted July 13, 2013 Glad I could help! Step 1Download OTC to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.Step 2Double click on AdwCleaner.exe to run the tool.Click on UninstallConfirm with YesStep 3 Some prevention tips: users.telenet.be/bluepatchy/miekiemoes/prevention.html Safe surfing! Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 14, 2013 ID:702734 Share Posted July 14, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts