Jump to content

IE Redirect


Recommended Posts

IE will randomly redirect with a popup using the following link:

 

http://redirect.cpvrdr.com/

 

Malwarebytes cannot find it.

 

After looking at the DDS and ATTACH it seems as though it is this "GorillaPrice".  However I do not know how to remove it.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.5.1
Run by Ben at 21:34:51 on 2013-07-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.5354 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\GorillaPrice\WatGorp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files\iTunesHelper.exe
C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
E:\Program Files\NETGEAR Genie\bin\genie_tray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NETGEARGenie] "E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [Facebook Update] "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [biosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "E:\Program Files\iTunesHelper.exe"
mRun: [GorillaPrice] "C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERIZO~1.LNK - C:\Users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{863DC378-8B36-450B-96A2-BE39757C7D16} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Ben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ben\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: E:\Program Files\Mozilla Plugins\npitunes.dll
FF - ExtSQL: 2013-07-07 00:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 42b9645d000000000000003067bf2200
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15870
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.50:15:56
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119842
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
============= SERVICES / DRIVERS ===============
.
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-6-10 14136]
R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2c64.sys [2011-11-20 15408]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 203776]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-17 116632]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-3-7 1370400]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-9-13 65657]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WatGorp;WatGorp;C:\ProgramData\GorillaPrice\WatGorp.exe -service --> C:\ProgramData\GorillaPrice\WatGorp.exe -service [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-20 412776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-30 49152]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-11-20 20992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-20 1255736]
.
=============== Created Last 30 ================
.
2013-07-07 17:40:29 -------- d-----w- C:\Windows\System32\appmgmt
2013-07-07 04:19:23 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-07-07 04:19:22 -------- d-----w- C:\ProgramData\RealNetworks
2013-07-07 04:19:18 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-07-07 04:19:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-07-07 04:19:09 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-07-07 04:07:51 -------- d-----w- C:\Users\Ben\AppData\Local\Macromedia
2013-07-07 01:25:02 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-07-06 21:01:10 15584 ----a-w- C:\Users\Ben\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2013-07-05 16:38:13 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76FE0F9A-3DCD-4C1F-A97F-24D3BFD0DEF7}\mpengine.dll
2013-07-02 04:29:09 -------- d-----w- C:\ProgramData\Bohemia Interactive Studio
2013-06-26 01:06:11 57344 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-06-26 01:06:11 57344 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-06-26 01:06:11 53248 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\ARPPRODUCTICON.exe
2013-06-26 01:05:37 -------- d-----w- C:\Program Files\SAMSUNG
2013-06-26 01:05:28 -------- d-----w- C:\ProgramData\Samsung
2013-06-26 01:05:09 -------- d-----w- C:\Users\Ben\AppData\Roaming\VERIZON
2013-06-14 04:16:15 -------- d-----w- C:\ProgramData\GorillaPrice
2013-06-14 04:16:15 -------- d-----w- C:\Program Files (x86)\GorillaPrice
2013-06-14 04:16:13 -------- d-----w- C:\ProgramData\WeCareReminder
2013-06-14 04:16:02 -------- d-----w- C:\ProgramData\Tarma Installer
2013-06-14 04:15:51 -------- d-----w- C:\ProgramData\Babylon
2013-06-14 04:15:50 -------- d-----w- C:\Users\Ben\AppData\Roaming\Babylon
2013-06-14 04:15:49 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager
2013-06-12 05:53:54 751104 ----a-w- C:\Windows\System32\win32spl.dll
.
==================== Find3M  ====================
.
2013-07-07 01:25:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-07 01:25:01 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-04 13:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-06-04 13:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 21:35:00.92 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/20/2011 6:48:44 PM
System Uptime: 7/8/2013 5:54:45 PM (4 hours ago)
.
Motherboard: BIOSTAR Group |  | A780L3G
Processor: AMD Phenom II X6 1035T Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 9.236 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 190 GiB total, 26.776 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP219: 7/7/2013 1:40:03 PM - Removed Play withSIX.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
ARMA 2: Operation Arrowhead Beta
Assassin's Creed II
ATI Catalyst Install Manager
ATI Catalyst Registration
Batman: Arkham Asylum GOTY Edition
BattlEye for OA Uninstall
BattlEye Uninstall
BioShock Infinite
BiosNotice
Bonjour
Business Contact Manager for Outlook 2007 SP2
CamStudio OSS Desktop Recorder
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility64
CCC Help English
CCleaner
Dota 2
DWGeditor
Eraser 6.0.9.2343
Facebook Video Calling 1.2.0.287
Google Chrome
Half-Life: Source
ImTOO Video Converter Ultimate
iTunes
Java Auto Updater
Java 7 Update 5
JavaFX 2.1.1
Just Cause 2
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.75.0.1300
Metro 2033
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
NETGEAR Genie
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Pdf995
Portal
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
SAMSUNG USB Driver for Mobile Phones
SanDiskSecureAccess_Manager.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 6.5
Steam
The Elder Scrolls V: Skyrim
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Wireless Software Utility Application for Android - Samsung
Windows Live ID Sign-in Assistant
WinRAR 5.00 beta 5 (64-bit)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/8/2013 5:58:18 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/8/2013 5:58:18 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
7/8/2013 5:56:21 PM, Error: Service Control Manager [7022]  - The NETGEARGenieDaemon service hung on starting.
7/7/2013 12:06:09 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/6/2013 9:14:21 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/6/2013 9:14:21 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
7/4/2013 1:15:46 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR9.
7/2/2013 4:27:20 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR4.
7/2/2013 4:15:42 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR3.
.
==== End Of File ===========================
 

 

Thank you.

Link to post
Share on other sites

Hello ElGuapo and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log
Link to post
Share on other sites

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.2 (07.09.2013:1)
OS: Windows 7 Ultimate x64
Ran by Ben on Tue 07/09/2013 at 17:16:14.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{df84e609-c3a4-49cb-a160-61767daf8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{0afd55c8-adf8-4a33-a6e1-dedb7a36aeb4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{df84e609-c3a4-49cb-a160-61767daf8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\Ben\AppData\Roaming\babylon"

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\user.js
Successfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\searchplugins\delta.xml
Successfully deleted the following from C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\auzsxy6q.default\prefs.js

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "42b9645d000000000000003067bf2200");
user_pref("extensions.delta.instlDay", "15870");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.50:15:56");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119842");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/09/2013 at 17:19:39.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner:

 

 

# AdwCleaner v2.304 - Logfile created 07/09/2013 at 17:27:20
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Ben - BEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Ben\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5f48cd0b238e915
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\prefs.js

Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences

*************************

 

MBAM:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.09.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Ben :: BEN-PC [administrator]

7/9/2013 5:30:39 PM
mbam-log-2013-07-09 (17-30-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236767
Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

DDS:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.5.1
Run by Ben at 17:33:47 on 2013-07-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.5541 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\GorillaPrice\WatGorp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files\iTunesHelper.exe
C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
E:\Program Files\NETGEAR Genie\bin\genie_tray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
uRun: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NETGEARGenie] "E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [Facebook Update] "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [biosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "E:\Program Files\iTunesHelper.exe"
mRun: [GorillaPrice] "C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERIZO~1.LNK - C:\Users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.1
TCP: Interfaces\{863DC378-8B36-450B-96A2-BE39757C7D16} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Ben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ben\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: E:\Program Files\Mozilla Plugins\npitunes.dll
FF - ExtSQL: 2013-07-07 00:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2009-6-10 14136]
R1 BS_I2cIo;BS_I2cIo;C:\Windows\System32\drivers\BS_I2c64.sys [2011-11-20 15408]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 203776]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-17 116632]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-3-7 1370400]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-9-13 65657]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WatGorp;WatGorp;C:\ProgramData\GorillaPrice\WatGorp.exe -service --> C:\ProgramData\GorillaPrice\WatGorp.exe -service [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-20 412776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-30 49152]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-11-20 20992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-20 1255736]
.
=============== Created Last 30 ================
.
2013-07-09 21:16:13 -------- d-----w- C:\Windows\ERUNT
2013-07-09 02:01:38 -------- d-----w- C:\Program Files (x86)\ESET
2013-07-07 17:40:29 -------- d-----w- C:\Windows\System32\appmgmt
2013-07-07 04:19:23 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-07-07 04:19:22 -------- d-----w- C:\ProgramData\RealNetworks
2013-07-07 04:19:18 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-07-07 04:19:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-07-07 04:19:09 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-07-07 04:07:51 -------- d-----w- C:\Users\Ben\AppData\Local\Macromedia
2013-07-07 01:25:02 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-07-06 21:01:10 15584 ----a-w- C:\Users\Ben\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2013-07-05 16:38:13 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76FE0F9A-3DCD-4C1F-A97F-24D3BFD0DEF7}\mpengine.dll
2013-07-02 04:29:09 -------- d-----w- C:\ProgramData\Bohemia Interactive Studio
2013-06-26 01:06:11 57344 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-06-26 01:06:11 57344 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-06-26 01:06:11 53248 ----a-r- C:\Users\Ben\AppData\Roaming\Microsoft\Installer\{9BB77715-5806-4D39-A1A8-AD98F7DCCA4C}\ARPPRODUCTICON.exe
2013-06-26 01:05:37 -------- d-----w- C:\Program Files\SAMSUNG
2013-06-26 01:05:28 -------- d-----w- C:\ProgramData\Samsung
2013-06-26 01:05:09 -------- d-----w- C:\Users\Ben\AppData\Roaming\VERIZON
2013-06-14 04:16:15 -------- d-----w- C:\ProgramData\GorillaPrice
2013-06-14 04:16:15 -------- d-----w- C:\Program Files (x86)\GorillaPrice
2013-06-14 04:15:49 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager
2013-06-12 05:53:54 751104 ----a-w- C:\Windows\System32\win32spl.dll
.
==================== Find3M  ====================
.
2013-07-07 01:25:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-07 01:25:01 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-04 13:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-06-04 13:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 17:33:55.97 ===============
 

 

 

Attach:

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/20/2011 6:48:44 PM
System Uptime: 7/9/2013 5:28:09 PM (0 hours ago)
.
Motherboard: BIOSTAR Group |  | A780L3G
Processor: AMD Phenom II X6 1035T Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 9.017 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 190 GiB total, 26.777 GiB free.
F: is FIXED (NTFS) - 298 GiB total, 189.755 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP219: 7/7/2013 1:40:03 PM - Removed Play withSIX.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
ARMA 2: Operation Arrowhead Beta
Assassin's Creed II
ATI Catalyst Install Manager
ATI Catalyst Registration
Batman: Arkham Asylum GOTY Edition
BattlEye for OA Uninstall
BattlEye Uninstall
BioShock Infinite
BiosNotice
Bonjour
Business Contact Manager for Outlook 2007 SP2
CamStudio OSS Desktop Recorder
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility64
CCC Help English
CCleaner
Dota 2
DWGeditor
Eraser 6.0.9.2343
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287
Google Chrome
Half-Life: Source
ImTOO Video Converter Ultimate
iTunes
Java Auto Updater
Java 7 Update 5
JavaFX 2.1.1
Just Cause 2
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.75.0.1300
Metro 2033
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
NETGEAR Genie
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Pdf995
Portal
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
SAMSUNG USB Driver for Mobile Phones
SanDiskSecureAccess_Manager.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 6.5
Steam
The Elder Scrolls V: Skyrim
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Wireless Software Utility Application for Android - Samsung
Windows Live ID Sign-in Assistant
WinRAR 5.00 beta 5 (64-bit)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/9/2013 5:31:42 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/9/2013 5:31:42 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
7/9/2013 5:29:42 PM, Error: Service Control Manager [7022]  - The NETGEARGenieDaemon service hung on starting.
.
==== End Of File ===========================
 

Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

 

ComboFix 13-07-11.03 - Ben 07/11/2013  20:42:43.1.6 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.6498 [GMT -4:00]

Running from: c:\users\Ben\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\wpcap.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-12 to 2013-07-12  )))))))))))))))))))))))))))))))

.

.

2013-07-11 00:41 . 2013-07-11 00:41 57344 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe

2013-07-11 00:41 . 2013-07-11 00:41 57344 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe

2013-07-11 00:41 . 2013-07-11 00:41 53248 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\ARPPRODUCTICON.exe

2013-07-10 22:21 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE7EB16B-B959-4D9B-801D-EEEC2DAE4E3E}\mpengine.dll

2013-07-09 21:16 . 2013-07-09 21:16 -------- d-----w- c:\windows\ERUNT

2013-07-09 02:01 . 2013-07-09 02:01 -------- d-----w- c:\program files (x86)\ESET

2013-07-07 17:40 . 2013-07-07 17:40 -------- d-----w- c:\windows\system32\appmgmt

2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\program files (x86)\RealNetworks

2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\programdata\RealNetworks

2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2013-07-07 04:19 . 2013-07-07 04:19 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2013-07-07 04:19 . 2013-07-07 04:19 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2013-07-07 04:07 . 2013-07-07 04:07 -------- d-----w- c:\users\Ben\AppData\Local\Macromedia

2013-07-07 01:25 . 2013-07-07 02:15 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2013-07-02 04:29 . 2013-07-02 04:29 -------- d-----w- c:\programdata\Bohemia Interactive Studio

2013-06-26 01:05 . 2013-06-26 01:05 -------- d-----w- c:\program files\SAMSUNG

2013-06-26 01:05 . 2013-06-26 01:05 -------- d-----w- c:\programdata\Samsung

2013-06-26 01:05 . 2013-07-11 00:41 -------- d-----w- c:\users\Ben\AppData\Roaming\VERIZON

2013-06-14 04:16 . 2013-06-14 04:16 -------- d-----w- c:\programdata\GorillaPrice

2013-06-14 04:16 . 2013-06-14 04:16 -------- d-----w- c:\program files (x86)\GorillaPrice

2013-06-14 04:15 . 2013-06-14 04:16 -------- d-----w- c:\program files (x86)\OpenDownloaderManager

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-10 22:24 . 2011-11-21 00:11 78185248 ----a-w- c:\windows\system32\MRT.exe

2013-07-07 01:25 . 2013-06-02 15:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-07 01:25 . 2011-11-26 19:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-06 21:04 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2013-07-06 21:04 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-06-04 13:15 . 2013-06-04 13:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2013-06-04 13:15 . 2013-06-04 13:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2013-05-02 06:06 . 2011-11-21 00:19 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-14 22:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-14 22:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-14 22:14 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-14 22:14 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-14 22:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-14 22:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NETGEARGenie"="e:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]

"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-09-13 2051]

"Facebook Update"="c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-12 138096]

"SanDiskSecureAccess_Manager.exe"="c:\users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2013-01-19 30705792]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="e:\program files\iTunesHelper.exe" [2013-02-20 152392]

"GorillaPrice"="c:\program files (x86)\GorillaPrice\GorillaPrice.exe" [2013-05-31 805376]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-07-07 295512]

.

c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exe [2013-7-4 868208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]

S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys;c:\windows\SYSNATIVE\drivers\BS_I2c64.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

S2 NETGEARGenieDaemon;NETGEARGenieDaemon;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 WatGorp;WatGorp;c:\programdata\GorillaPrice\WatGorp.exe;c:\programdata\GorillaPrice\WatGorp.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - NPF

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-14 c:\windows\Tasks\0.job

- c:\program files\internet explorer\iexplore.exe [2013-07-11 02:28]

.

2013-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000Core.job

- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 01:01]

.

2013-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000UA.job

- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 01:01]

.

2013-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000Core.job

- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 02:20]

.

2013-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000UA.job

- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 02:20]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-06 11474024]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - ExtSQL: 2013-07-07 00:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-BattlEye for A2 - e:\program files\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3100289139-1003875454-914839026-1000\Software\SecuROM\License information*]

"datasecu"=hex:b8,32,6f,4f,dd,93,16,5c,84,95,32,f1,27,e5,db,89,e4,23,74,5d,2f,

   6a,c6,8d,13,8b,3b,f7,b8,2d,21,2e,27,b8,48,52,e1,83,d6,15,61,67,bb,ca,1f,2d,\

"rkeysecu"=hex:b8,bf,70,bc,a9,a1,f1,09,93,b5,82,2c,ec,a8,f2,47

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

.

**************************************************************************

.

Completion time: 2013-07-11  20:49:37 - machine was rebooted

ComboFix-quarantined-files.txt  2013-07-12 00:49

.

Pre-Run: 9,922,547,712 bytes free

Post-Run: 9,429,274,624 bytes free

.

- - End Of File - - CAA050772AD96DE7A14B80F16582E14A

A36C5E4F47E84449FF07ED3517B43A31

 

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::

WatGorp

Folder::

c:\programdata\GorillaPrice

c:\program files (x86)\GorillaPrice

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GorillaPrice"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

 

ComboFix 13-07-12.01 - Ben 07/12/2013  17:13:32.2.6 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.6571 [GMT -4:00]

Running from: c:\users\Ben\Desktop\ComboFix.exe

Command switches used :: c:\users\Ben\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\GorillaPrice

c:\program files (x86)\GorillaPrice\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi

c:\program files (x86)\GorillaPrice\GorillaPrice.exe

c:\program files (x86)\GorillaPrice\GPHelper.dll

c:\program files (x86)\GorillaPrice\uninstall.exe

c:\programdata\GorillaPrice

c:\programdata\GorillaPrice\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi

c:\programdata\GorillaPrice\GorillaPrice.exe

c:\programdata\GorillaPrice\GPHelper.dll

c:\programdata\GorillaPrice\watgorp.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

-------\Service_WatGorp

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-12 to 2013-07-12  )))))))))))))))))))))))))))))))

.

.

2013-07-12 21:16 . 2013-07-12 21:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-07-11 00:41 . 2013-07-11 00:41 57344 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe

2013-07-11 00:41 . 2013-07-11 00:41 57344 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe

2013-07-11 00:41 . 2013-07-11 00:41 53248 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{B93BA84F-064D-4FA5-96C6-9D98371F02A6}\ARPPRODUCTICON.exe

2013-07-10 22:21 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE7EB16B-B959-4D9B-801D-EEEC2DAE4E3E}\mpengine.dll

2013-07-09 21:16 . 2013-07-09 21:16 -------- d-----w- c:\windows\ERUNT

2013-07-09 02:01 . 2013-07-09 02:01 -------- d-----w- c:\program files (x86)\ESET

2013-07-07 17:40 . 2013-07-07 17:40 -------- d-----w- c:\windows\system32\appmgmt

2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\program files (x86)\RealNetworks

2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\programdata\RealNetworks

2013-07-07 04:19 . 2013-07-07 04:19 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2013-07-07 04:19 . 2013-07-07 04:19 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2013-07-07 04:19 . 2013-07-07 04:19 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2013-07-07 04:07 . 2013-07-07 04:07 -------- d-----w- c:\users\Ben\AppData\Local\Macromedia

2013-07-07 01:25 . 2013-07-07 02:15 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2013-07-02 04:29 . 2013-07-02 04:29 -------- d-----w- c:\programdata\Bohemia Interactive Studio

2013-06-26 01:05 . 2013-06-26 01:05 -------- d-----w- c:\program files\SAMSUNG

2013-06-26 01:05 . 2013-06-26 01:05 -------- d-----w- c:\programdata\Samsung

2013-06-26 01:05 . 2013-07-11 00:41 -------- d-----w- c:\users\Ben\AppData\Roaming\VERIZON

2013-06-14 04:15 . 2013-06-14 04:16 -------- d-----w- c:\program files (x86)\OpenDownloaderManager

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-10 22:24 . 2011-11-21 00:11 78185248 ----a-w- c:\windows\system32\MRT.exe

2013-07-07 01:25 . 2013-06-02 15:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-07 01:25 . 2011-11-26 19:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-06 21:04 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2013-07-06 21:04 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-06-04 13:15 . 2013-06-04 13:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2013-06-04 13:15 . 2013-06-04 13:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2013-05-13 05:51 . 2013-06-12 05:53 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 05:51 . 2013-06-12 05:53 1464320 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 05:51 . 2013-06-12 05:53 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 05:50 . 2013-06-12 05:53 52224 ----a-w- c:\windows\system32\certenc.dll

2013-05-13 04:45 . 2013-06-12 05:53 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-05-13 04:45 . 2013-06-12 05:53 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-05-13 04:45 . 2013-06-12 05:53 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-05-13 03:43 . 2013-06-12 05:53 1192448 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 05:53 903168 ----a-w- c:\windows\SysWow64\certutil.exe

2013-05-13 03:08 . 2013-06-12 05:53 43008 ----a-w- c:\windows\SysWow64\certenc.dll

2013-05-10 05:49 . 2013-06-12 05:53 30720 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-10 03:20 . 2013-06-12 05:53 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

2013-05-08 06:39 . 2013-06-12 05:53 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-02 06:06 . 2011-11-21 00:19 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-26 05:51 . 2013-06-12 05:53 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-04-26 04:55 . 2013-06-12 05:53 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-04-25 23:30 . 2013-06-12 05:53 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-04-17 07:02 . 2013-06-12 05:53 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24 . 2013-06-12 05:53 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NETGEARGenie"="e:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]

"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-09-13 2051]

"Facebook Update"="c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-12 138096]

"SanDiskSecureAccess_Manager.exe"="c:\users\Ben\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2013-01-19 30705792]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="e:\program files\iTunesHelper.exe" [2013-02-20 152392]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-07-07 295512]

.

c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\Ben\AppData\Roaming\VERIZON\UA_ar\UA.exe [2013-7-4 868208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]

S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys;c:\windows\SYSNATIVE\drivers\BS_I2c64.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

S2 NETGEARGenieDaemon;NETGEARGenieDaemon;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - NPF

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-14 c:\windows\Tasks\0.job

- c:\program files\internet explorer\iexplore.exe [2013-07-11 02:28]

.

2013-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000Core.job

- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 01:01]

.

2013-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000UA.job

- c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 01:01]

.

2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000Core.job

- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 02:20]

.

2013-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3100289139-1003875454-914839026-1000UA.job

- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 02:20]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-06 11474024]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\auzsxy6q.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - ExtSQL: 2013-07-07 00:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-BattlEye for A2 - e:\program files\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3100289139-1003875454-914839026-1000\Software\SecuROM\License information*]

"datasecu"=hex:b8,32,6f,4f,dd,93,16,5c,84,95,32,f1,27,e5,db,89,e4,23,74,5d,2f,

   6a,c6,8d,13,8b,3b,f7,b8,2d,21,2e,27,b8,48,52,e1,83,d6,15,61,67,bb,ca,1f,2d,\

"rkeysecu"=hex:b8,bf,70,bc,a9,a1,f1,09,93,b5,82,2c,ec,a8,f2,47

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

.

**************************************************************************

.

Completion time: 2013-07-12  17:20:05 - machine was rebooted

ComboFix-quarantined-files.txt  2013-07-12 21:20

ComboFix2.txt  2013-07-12 00:49

.

Pre-Run: 9,243,926,528 bytes free

Post-Run: 9,283,391,488 bytes free

.

- - End Of File - - 43F9DD98871B4AD666FB4F823159434A

A36C5E4F47E84449FF07ED3517B43A31

 

Link to post
Share on other sites

Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.