Malwarebytes

Security Shield Help Please.

65 replies to this topic

#21
D-FRED-BROWN (Trusted Advisors, 2,205 posts)
Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

KILLALL::

Folder::
C:\Users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#22
jahjaylee (Members, 38 posts)
ComboFix 12-05-31.02 - Jay Lee 05/31/2012 20:24:43.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2898 [GMT -4:00]
Running from: c:\users\Jay Lee\Desktop\ComboFix.exe
Command switches used :: c:\users\Jay Lee\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\@
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\L\00000004.@
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\L\1afb2d56
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\L\80000032.@
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\n
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\00000004.@
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\000000cb.@
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\80000000.@
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\80000032.@
c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-06-01 00:34 . 2012-06-01 00:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 22:27 . 2012-05-31 22:27 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\LolClient2
2012-05-29 21:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8F2C012-54D2-4582-85DE-F137BE6C34EE}\mpengine.dll
2012-05-24 23:51 . 2012-05-24 23:51 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Malwarebytes
2012-05-24 23:47 . 2012-05-24 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-24 23:47 . 2012-05-24 23:47 -------- d-----w- c:\programdata\Malwarebytes
2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}
2012-05-16 04:44 . 2012-05-31 21:56 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\programdata\AMD
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-05-16 03:50 . 2012-05-16 03:51 -------- d-----w- c:\programdata\DriverGenius
2012-05-16 00:49 . 2012-05-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-16 00:36 . 2012-05-16 00:37 -------- d-----w- c:\programdata\Battle.net
2012-05-14 07:18 . 2012-05-14 07:18 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Trine2
2012-05-10 06:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 06:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 06:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 06:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 06:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 06:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 06:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-10 06:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-10 06:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-10 06:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-10 06:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 06:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 06:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 06:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 06:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 06:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 06:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 06:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 06:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 06:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 06:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-05 19:13 . 2012-04-05 19:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 19:13 . 2011-06-25 08:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-07 09:04 . 2012-03-07 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 09:04 . 2012-03-07 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 09:04 . 2012-03-07 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 09:04 . 2012-03-07 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 09:04 . 2012-03-07 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 09:04 . 2012-03-07 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 09:04 . 2012-03-07 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 09:04 . 2012-03-07 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 09:04 . 2012-03-07 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 09:04 . 2012-03-07 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 09:04 . 2012-03-07 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 09:04 . 2012-03-07 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 09:04 . 2012-03-07 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 09:04 . 2012-03-07 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-07 09:04 . 2012-03-07 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 09:04 . 2012-03-07 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 09:04 . 2012-03-07 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 09:04 . 2012-03-07 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 09:04 . 2012-03-07 09:04 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 09:04 . 2012-03-07 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 09:04 . 2012-03-07 09:04 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 09:04 . 2012-03-07 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 09:04 . 2012-03-07 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 09:04 . 2012-03-07 09:04 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 09:04 . 2012-03-07 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 09:04 . 2012-03-07 09:04 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 09:04 . 2012-03-07 09:04 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 09:04 . 2012-03-07 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-29_21.26.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-01 00:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-01 00:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-29 21:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 00:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-31 01:58 38238 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-07 21:17 . 2012-05-31 01:58 15964 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2937579301-1935991548-1390105095-1000_UserData.bin
+ 2011-01-06 20:25 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-06 20:25 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-06 20:25 . 2012-05-17 04:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-06 20:25 . 2012-05-29 22:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-01 00:35 . 2012-06-01 00:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-01 00:35 . 2012-06-01 00:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-07 14:22 . 2012-06-01 00:16 310262 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-01-07 02:58 . 2012-05-31 06:36 322116 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-05-29 21:07 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-31 21:58 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-31 21:58 121426 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-29 21:07 121426 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-29 21:23 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-01 00:34 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-11 00:32 . 2012-06-01 00:34 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat
- 2011-01-11 00:32 . 2012-05-29 21:23 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat
- 2009-07-14 02:34 . 2012-05-29 21:23 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-05-31 23:46 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-09 17152]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:13]
.
2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job
- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]
.
2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job
- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job
- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job
- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.daemon-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D50D39E0-253B-4CF2-8E66-59204F2EE0B8}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Jay Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ibc9ucvw.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-05-31 20:44:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 00:44
ComboFix2.txt 2012-05-31 02:03
ComboFix3.txt 2012-05-29 21:31
.
Pre-Run: 21,533,388,800 bytes free
Post-Run: 21,349,294,080 bytes free
.
- - End Of File - - FE77BCA34A9A9233DA402C8898807046
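
The two things a helper does with a log like the one just posted are (a) pull the "Other Deletions" and "Files Created" sections out and look for what is odd in them, and (b) after the reboot asked for in the next post, check whether a folder with the same layout has come back. The script below does both. It is an added example written for this thread, not ComboFix, Malwarebytes or the poster's own tooling. What it assumes, because ComboFix does not document its log format: the "((( Section )))" banner shape, the "created . modified size attrs path" shape of "Files Created" lines, and the {GUID}\@, \n, \L\, \U\ folder layout taken from the deleted-folder list above. The sample log excerpt and the throwaway profile directory are constructed for the demo.

```python
"""Triage helpers for a ComboFix log in the shape posted above, plus a re-check
of a user profile for the same folder layout.  Added example for this thread,
not part of the original posts and not a ComboFix or Malwarebytes tool.
Assumed (undocumented by ComboFix): the '((( Section )))' banner shape, the
'created . modified size attrs path' line shape of the 'Files Created'
section, and the {GUID}\\@, \\n, \\L\\, \\U\\ layout seen in 'Other Deletions'."""
import os
import re
import tempfile
from datetime import datetime

GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
MARKERS = {"@", "n", "L", "U"}  # children of the deleted folder in the log above
SECTION = re.compile(r"^\(+\s*(.*?)\s*\)+$")
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(\d+|-+) (\S+) (.+)$")

# Constructed excerpt in the same shape as the posted log (a few lines only).
SAMPLE_LOG = """\
((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))
.
c:\\users\\Jay Lee\\AppData\\Local\\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}
c:\\users\\Jay Lee\\AppData\\Local\\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\\@
c:\\users\\Jay Lee\\AppData\\Local\\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\\U\\80000032.@
.
((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))
.
2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\\program files (x86)\\Microsoft Games\\Age of Empires III\\autopatcher2.exe
2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\\users\\Jay Lee\\AppData\\Local\\{27A58CEF-A548-11E1-8270-B8AC6F996F26}
.
"""


def split_sections(text):
    """Map each '((( banner )))' section name to its non-empty body lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip() and line.strip() != ".":
            sections[current].append(line.rstrip())
    return sections


def flag_created(lines, log_date):
    """Return (reason, path) pairs for 'Files Created' entries worth a second
    look: creation stamps later than the log date (timestomped or bogus) and
    GUID-named directories under a user's AppData\\Local.  log_date is 'YYYY-MM-DD'."""
    cutoff = datetime.strptime(log_date, "%Y-%m-%d")
    hits = []
    for line in lines:
        m = CREATED.match(line)
        if not m:
            continue
        created, _modified, _size, attrs, path = m.groups()
        if datetime.strptime(created, "%Y-%m-%d %H:%M") > cutoff:
            hits.append(("future-dated", path))
        tail = path.rstrip("\\").rsplit("\\", 1)[-1]
        if attrs.startswith("d") and GUID_DIR.match(tail) and "\\appdata\\local\\" in path.lower():
            hits.append(("guid-dir-in-localappdata", path))
    return hits


def find_marker_dirs(root):
    """Walk root (e.g. %LOCALAPPDATA%) and return GUID-named directories whose
    children include at least two of the @ / n / L / U entries seen in the log."""
    found = []
    for dirpath, dirnames, _files in os.walk(root):
        for d in dirnames:
            if GUID_DIR.match(d):
                full = os.path.join(dirpath, d)
                if len(set(os.listdir(full)) & MARKERS) >= 2:
                    found.append(full)
    return found


def build_demo_profile():
    """Construct a throwaway fake AppData\\Local: one folder in the deleted
    layout and one plain GUID folder that should not be reported."""
    root = tempfile.mkdtemp(prefix="localappdata_")
    bad = os.path.join(root, "{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}")
    for sub in ("L", "U"):
        os.makedirs(os.path.join(bad, sub))
    for name in ("@", "n"):
        open(os.path.join(bad, name), "wb").close()
    os.makedirs(os.path.join(root, "{27A58CEF-A548-11E1-8270-B8AC6F996F26}"))
    return root


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    print("deleted by ComboFix:", *secs["Other Deletions"], sep="\n  ")
    created = next(v for k, v in secs.items() if k.startswith("Files Created"))
    for reason, path in flag_created(created, "2012-06-01"):
        print(reason, path)
    print("still present after cleanup:", find_marker_dirs(build_demo_profile()))
```

On the real machine the re-check is `find_marker_dirs(os.environ["LOCALAPPDATA"])` run after the reboot; a hit means the folder is back and a fresh log is worth posting, not a verdict on its own. The flags from `flag_created` are prompts, not detections: the 2071 stamp on autopatcher2.exe shows up in both logs in this thread and belongs to the game's updater, and the two plain {GUID} folders from 2012-05-24 have none of the marker children, so the script reports them only because they share the GUID naming.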

#23
D-FRED-BROWN (Trusted Advisors, 2,205 posts)
Please reboot the computer. After that, do you still experience any issues? We're not quite finished yet, but I need to verify that the virus doesn't re-appear after we've cleaned it.

#24
jahjaylee (Members, 38 posts)
The virus is still on my computer. When I google search my results are sometimes again redirected to spam sites.
Sorry I was away from my computer again for a couple days.
Thanks for your help.

#25
D-FRED-BROWN (Trusted Advisors, 2,205 posts)
Go ahead and run ComboFix once again. If asked to update to the newest version, please allow it to do so. Please include the new C:\ComboFix.txt in your next reply.

#26
jahjaylee (Members, 38 posts)
ComboFix 12-06-04.02 - Jay Lee 06/04/2012 21:56:48.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2879 [GMT -4:00]
Running from: c:\users\Jay Lee\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-06-05 02:30 . 2012-06-05 02:30 -------- d-----w- C:\found.000
2012-06-05 02:06 . 2012-06-05 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 23:16 . 2012-06-05 00:57 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Mumble
2012-06-04 23:16 . 2012-06-04 23:16 -------- d-----w- c:\program files (x86)\Mumble
2012-06-03 22:33 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BB305EC-3C06-460E-A6D6-4242B196E608}\mpengine.dll
2012-05-31 22:27 . 2012-05-31 22:27 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\LolClient2
2012-05-24 23:51 . 2012-05-24 23:51 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Malwarebytes
2012-05-24 23:47 . 2012-05-24 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-24 23:47 . 2012-05-24 23:47 -------- d-----w- c:\programdata\Malwarebytes
2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}
2012-05-16 04:44 . 2012-05-31 21:56 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\programdata\AMD
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-05-16 03:50 . 2012-05-16 03:51 -------- d-----w- c:\programdata\DriverGenius
2012-05-16 00:49 . 2012-05-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-16 00:36 . 2012-05-16 00:37 -------- d-----w- c:\programdata\Battle.net
2012-05-14 07:18 . 2012-05-14 07:18 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Trine2
2012-05-10 06:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 06:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 06:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 06:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 06:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 06:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 06:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-10 06:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-10 06:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-10 06:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-10 06:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 06:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 06:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 06:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 06:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 06:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 06:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 06:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 06:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 06:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 06:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-05 19:13 . 2012-04-05 19:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 19:13 . 2011-06-25 08:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-07 09:04 . 2012-03-07 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 09:04 . 2012-03-07 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 09:04 . 2012-03-07 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 09:04 . 2012-03-07 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 09:04 . 2012-03-07 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 09:04 . 2012-03-07 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 09:04 . 2012-03-07 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 09:04 . 2012-03-07 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 09:04 . 2012-03-07 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 09:04 . 2012-03-07 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 09:04 . 2012-03-07 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 09:04 . 2012-03-07 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 09:04 . 2012-03-07 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 09:04 . 2012-03-07 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-07 09:04 . 2012-03-07 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 09:04 . 2012-03-07 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 09:04 . 2012-03-07 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 09:04 . 2012-03-07 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 09:04 . 2012-03-07 09:04 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 09:04 . 2012-03-07 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 09:04 . 2012-03-07 09:04 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 09:04 . 2012-03-07 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 09:04 . 2012-03-07 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 09:04 . 2012-03-07 09:04 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 09:04 . 2012-03-07 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 09:04 . 2012-03-07 09:04 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 09:04 . 2012-03-07 09:04 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 09:04 . 2012-03-07 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-29_21.26.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-05 02:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-29 21:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-05 02:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-05 02:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-06 20:24 . 2012-06-05 02:38 37644 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-05 02:38 38396 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-07 21:17 . 2012-06-05 02:38 16808 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2937579301-1935991548-1390105095-1000_UserData.bin
- 2011-01-06 20:25 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 20:25 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 20:25 . 2012-05-29 22:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-06 20:25 . 2012-05-17 04:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-05 02:36 . 2012-06-05 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-05 02:36 . 2012-06-05 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-18 13:15 . 2010-03-18 13:15 770384 c:\windows\SysWOW64\msvcr100.dll
- 2011-06-11 06:58 . 2011-06-11 06:58 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-01-07 14:22 . 2012-06-04 01:40 310878 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-01-07 02:58 . 2012-05-31 06:36 322116 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-05-29 21:07 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-04 21:44 660530 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-29 21:07 121426 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-04 21:44 121426 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-29 21:23 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-05 02:07 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-11 00:32 . 2012-06-05 02:07 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat
- 2011-01-11 00:32 . 2012-05-29 21:23 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat
+ 2009-07-14 02:34 . 2012-06-04 21:54 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-05-29 21:23 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-06-04 23:14 . 2012-06-04 23:14 17904640 c:\windows\Installer\5a5bdc.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:13]
.
2012-06-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job
- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]
.
2012-06-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job
- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job
- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job
- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.daemon-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D50D39E0-253B-4CF2-8E66-59204F2EE0B8}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Jay Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ibc9ucvw.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-06-04 22:43:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-05 02:43
ComboFix2.txt 2012-06-01 00:44
ComboFix3.txt 2012-05-31 02:03
ComboFix4.txt 2012-05-29 21:31
.
Pre-Run: 21,320,785,920 bytes free
Post-Run: 20,794,404,864 bytes free
.
- - End Of File - - C50594E54D57D40E532569094A4D8D26

#27
D-FRED-BROWN

    Resident Bracketologist

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,205 posts
  • Gender:Male
  • Location:MHK
  • Interests:music, computer security, computer sciences, food
My apologies for the delay.


Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

KILLALL::

Folder::
c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}
c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!
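The advisor's CFScript above targets two GUID-named folders under AppData\Local that appear in the ComboFix log posted earlier in the thread. As an added example (not code from the thread, ComboFix or Malwarebytes), here is a small Python triage helper that parses the dated file/folder lines of a ComboFix log into records, flags directories whose name is a bare GUID directly under a user's AppData\Local (the pattern the advisor singled out), and renders the resulting paths in the CFScript layout the thread uses. The sample log text is constructed from lines in the shape of the posted report; the function names and the GUID heuristic are this example's own assumptions, not ComboFix's rules.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of ComboFix's file-listing lines
# ("created . modified size attributes path"), built for this example.
SAMPLE_LOG = r"""
2012-06-05 02:30 . 2012-06-05 02:30 -------- d-----w- C:\found.000
2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\programdata\AMD
.
(((((((((((( Find3M Report ))))))))))))
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
"""

# One dated entry: created-stamp " . " modified-stamp size attrs path.
# ComboFix prints "--------" as the size of a directory.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# A folder name that is nothing but a braced GUID.
GUID_NAME_RE = re.compile(
    r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE
)


@dataclass
class Entry:
    created: str
    modified: str
    size: int        # 0 for directories
    is_dir: bool
    path: str


def parse_combofix_entries(text: str) -> List[Entry]:
    """Turn the dated file/folder lines of a ComboFix log into records,
    skipping section banners, '.' separators and anything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append(Entry(
            created=m.group("created"),
            modified=m.group("modified"),
            size=int(size) if size.isdigit() else 0,
            is_dir=m.group("attrs").startswith("d"),
            path=m.group("path"),
        ))
    return entries


def suspicious_guid_dirs(entries: List[Entry]) -> List[Entry]:
    r"""Directories named as a bare GUID directly under <user>\AppData\Local.
    This is a heuristic (an assumption of this example), useful as a
    review queue, not as proof that a folder is malicious."""
    hits = []
    for e in entries:
        parent, _, name = e.path.rpartition("\\")
        if (e.is_dir
                and parent.lower().endswith(r"\appdata\local")
                and GUID_NAME_RE.match(name)):
            hits.append(e)
    return hits


def build_cfscript(folders: List[str]) -> str:
    """Render the CFScript.txt layout used in the thread:
    KILLALL::, a Folder:: block listing the paths, then Reboot::."""
    lines = ["KILLALL::", "", "Folder::", *folders, "", "Reboot::", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = suspicious_guid_dirs(parse_combofix_entries(SAMPLE_LOG))
    for e in flagged:
        print(f"{e.created}  {e.path}")
    print(build_cfscript([e.path for e in flagged]))
```

Run it against a saved C:\ComboFix.txt by replacing SAMPLE_LOG with the file's contents; the GUID filter is deliberately narrow so that a human still decides what goes into the Folder:: block, exactly as the advisor did here.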

#28
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
Computer slowing down significantly. I'm having trouble even running ComboFix. I've started in safe mode to run it.

#29
D-FRED-BROWN
See if you can get me the ComboFix report. If not, post back here and we'll go about a different method.

#30
jahjaylee
ComboFix has run and is trying to form the log report, but I don't know if it is gonna be able to make the report.

#31
jahjaylee
Any idea where the ComboFix logs are saved? It finished the ComboFix run and the log opened, but my computer froze as I tried to open Firefox.
Also there is a found.000 file in my /c directory. I know this isn't malware, but due to other issues with my computer I just thought I should let you know. I am annoyed because this really wasn't a huge deal until today. Prior to this my computer ran fine but just had annoying redirections when I tried to use Google. Getting a little desperate now; I'll try and get you that ComboFix log.

#32
jahjaylee
Can't find the ComboFix log. Any thoughts?

#33
D-FRED-BROWN
Try running it another time in Safe Mode. Keep me posted.

#34
jahjaylee
I think it's kicked the bucket. Can't even start into safe mode anymore. I get a blue screen error on start and it instantly restarts. Trying to run a Windows auto repair, but so far it seems just to be idling. Pretty sure it's gone, but have you got any more thoughts?

#35
D-FRED-BROWN
Can you access the System Recovery options? See if you can perform a System Restore:

http://www.sevenforu...em-restore.html

#36
jahjaylee
Goes straight to a Startup Repair window prior to launch and gives me two options: either launch Startup Repair or start the computer. If I start the computer, it will not let me boot into safe mode; if I pick Startup Repair, nothing happens and it just idles.

#37
jahjaylee
Is there any way to avoid the Startup Repair and try to boot into safe mode?

#38
jahjaylee
Best I can do at this point is get to the setup utility page.

#39
jahjaylee
I take that back. I got to the Advanced Boot Options page; safe mode does not work.

#40
jahjaylee
The Repair Your Computer page shows up blank even after sitting for two hours. Safe mode does not work. Last Known Good Configuration did not work. Any options left?