Jump to content

MrSasquatch

Members
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

Reputation

0 Neutral
  1. MrSasquatch
    Well, to be honest, I didn't really notice much earlier until I attempted the scan. I remember the system was a tad bit sluggish, and it seems to be running fine now. Thank you for the help! What kind of malware were those anyways?
  2. MrSasquatch
    Everything seems to have updated normally. Here's the log: All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Vincent\Desktop\cmd.bat deleted successfully. C:\Users\Vincent\Desktop\cmd.txt deleted successfully. C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll moved successfully. C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe moved successfully. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-g[1].exe moved successfully. File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-g[1].exe not found. ========== COMMANDS ========== Restore point Set: OTM Restore Point [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Vincent ->Temp folder emptied: 1229982 bytes ->Temporary Internet Files folder emptied: 18050621 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 28076397 bytes ->Google Chrome cache emptied: 181117429 bytes ->Flash cache emptied: 164398 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 90 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 460970 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 219.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 01172013_103056
  3. MrSasquatch
    Combofix: ComboFix 13-01-16.01 - Vincent 01/16/2013 21:09:32.2.4 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.6707 [GMT -6:00] Running from: c:\users\Vincent\Desktop\ComboFix.exe Command switches used :: c:\users\Vincent\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Partner Service . . ((((((((((((((((((((((((( Files Created from 2012-12-17 to 2013-01-17 ))))))))))))))))))))))))))))))) . . 2013-01-17 03:26 . 2013-01-17 03:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-01-15 19:01 . 2013-01-15 19:01 -------- d-----w- c:\users\Vincent\AppData\Local\Programs 2013-01-15 05:25 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll 2013-01-09 16:56 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll 2013-01-07 05:07 . 2013-01-07 05:07 -------- d-----w- c:\users\Vincent\AppData\Local\SCE 2013-01-07 05:07 . 2013-01-07 05:07 -------- d-----w- C:\Crash 2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-19 00:26 . 2013-01-17 03:30 -------- d-----r- c:\users\Vincent\Dropbox 2012-12-19 00:25 . 2013-01-17 03:30 -------- d-----w- c:\users\Vincent\AppData\Roaming\Dropbox 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-10 08:12 . 2011-11-10 05:09 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-14 22:49 . 2012-01-11 06:48 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 04:45 . 2013-01-09 16:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-22 02:59 . 2012-11-22 02:59 819729 ----a-w- c:\windows\SysWow64\mrvcl32.exe 2012-11-12 12:28 . 2012-12-12 16:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-12 11:52 . 2012-12-12 16:02 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 16:02 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 16:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-12 16:02 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 16:02 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-27 06:26 . 2012-12-12 16:02 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-10-27 05:51 . 2012-12-12 16:02 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-10-27 05:51 . 2012-12-12 16:02 1494528 ----a-w- c:\windows\system32\urlmon.dll 2012-10-27 05:51 . 2012-12-12 16:02 134144 ----a-w- c:\windows\system32\url.dll 2012-10-27 05:49 . 2012-12-12 16:02 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-10-27 05:49 . 2012-12-12 16:02 735744 ----a-w- c:\windows\system32\msfeeds.dll 2012-10-27 05:49 . 2012-12-12 16:02 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-10-27 05:49 . 2012-12-12 16:02 247808 ----a-w- c:\windows\system32\ieui.dll 2012-10-27 05:49 . 2012-12-12 16:02 2453504 ----a-w- c:\windows\system32\iertutil.dll 2012-10-27 05:49 . 2012-12-12 16:02 12295680 ----a-w- c:\windows\system32\ieframe.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Vincent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Vincent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Vincent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Vincent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-10-24 2816328] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-24 39408] "DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-12-07 112400] "GoogleChromeAutoLaunch_CC7830D48765B505BA650E95D0254AC0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-08 1248360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] . c:\users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Vincent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 63056] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-09-20 136896] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 94992] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x] R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336] R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] R4 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-09 220528] R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440] R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352] R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240] R4 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080] R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-05-24 57952] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-05-24 39008] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 283744] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-05-24 13408] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-11 279616] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 75160] S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys [2011-05-24 15456] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-15 8704] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 149032] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-05-24 29792] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088] S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys [2011-05-24 20064] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-03-31 412712] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 441840] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-12-07 117520] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-05-10 97792] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-05-10 217600] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-11 05:54 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 00:57] . 2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 00:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Vincent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Vincent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Vincent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Vincent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2011-05-24 01:04 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://lenovo.msn.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 10.50.0.1 FF - ProfilePath - c:\users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\tdq6nx4h.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z164&ocid=zdhp&install_date=20111025 FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20111025&q= FF - prefs.js: browser.search.selectedEngine - Bing FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe AddRemove-{8AF7479C-B28D-4BFF-867B-4755DE019259}_is1 - c:\program files (x86)\Mount&Blade Warband\Modules\mm russia3\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-496396701-3582168912-2710041217-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a2,6e,a8,79,69,69,7c,d9,98,27,cc,6e,3a,df,c9,b4,91,d4,50,78,47,8e,a6, 03,06,42,e1,06,62,9c,0f,c5,3a,0b,15,c8,e6,59,5a,7b,ea,22,ca,85,10,dc,28,1e,\ "??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\FileZilla Server\FileZilla Server.exe c:\program files (x86)\Giraffic\Veoh_Giraffic.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2013-01-16 21:37:51 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-17 03:37 . Pre-Run: 205,537,116,160 bytes free Post-Run: 205,532,897,280 bytes free . - - End Of File - - 010FE38936CDF94AF710E7E00E4ADC4E ESET SCAN: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Reactivate.exe.vir a variant of Win32/Toolbar.Zugo application C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe.vir a variant of Win32/Toolbar.Zugo application C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application checkup: Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 30 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.4.402.287 Flash Player out of Date! Adobe Reader 10.1.5 Adobe Reader out of Date! Mozilla Firefox (3.6.10) Firefox out of Date! Google Chrome 23.0.1271.97 Google Chrome 24.0.1312.52 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  4. MrSasquatch
    Alright, done and done. AdwCleanerS1.txt ComboFix.txt
  5. MrSasquatch
    I have little knowledge when it comes to techy jargon and the like so please bear with me. All I know is I decided to scan my computer (for the first time in a while) using Malwarebytes, proceeded to update it, then began a full scan. 20 seconds into the scan, it notes that 2 threats have been detected and immediately stops. The program then becomes unresponsive, and I am forced to end the process. I saved the Attach and DDS files. After taking a peek at the Attach file, I realized there were some unsettling logs... Help would be appreciated! Thanks! attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.