Everything posted by EDavignon
Looks like nothing is there, below is the report. Thanks for all of your help!

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Eric Davignon :: ERICDAVIGNON-PC [administrator]

7/31/2012 12:11:41 PM
mbam-log-2012-07-31 (12-11-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207009
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Here it is; I had to do some restarting and try to end processes, then restarted the whole ComboFix again - this is the log provided.

ComboFix 12-07-30.03 - Eric Davignon 07/31/2012 11:47:10.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2166 [GMT -4:00]
Running from: c:\users\Eric Davignon\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Eric Davignon\AppData\Roaming\mIRC\logs\status.log
c:\users\Eric Davignon\Desktop\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 15:56 . 2012-07-31 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 06:24 . 2012-07-31 06:24 -------- d-----w- C:\FRST
2012-07-30 20:49 . 2012-07-31 00:04 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-07-30 17:11 . 2012-07-30 17:11 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-24 19:40 . 2012-07-24 19:40 -------- d-----w- c:\windows\Sun
2012-07-24 02:30 . 2012-07-24 02:39 -------- d-----w- c:\program files (x86)\Free Download Manager
2012-07-12 03:05 . 2012-07-12 03:05 -------- d-----w- c:\programdata\Realtime Soft
2012-07-12 03:05 . 2012-07-12 03:05 -------- d-----w- c:\program files\UltraMon
2012-07-12 03:05 . 2012-07-12 03:05 -------- d-----w- c:\program files (x86)\Common Files\Realtime Soft
2012-07-11 11:41 . 2012-07-11 11:41 -------- d-----w- c:\programdata\ATI
2012-07-11 11:41 . 2012-07-11 11:41 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-11 07:01 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-07-07 17:27 . 2012-07-07 17:27 266632 ----a-w- c:\windows\UltraMon.scr
2012-07-04 01:53 . 2012-07-04 01:53 82312 ----a-w- c:\windows\SysWow64\UltraMonHook.dll
2012-07-04 01:52 . 2012-07-04 01:52 338824 ----a-w- c:\windows\SysWow64\UltraMon.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 17:57 . 2012-03-28 22:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-30 17:57 . 2011-06-05 13:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:05 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 17:46 . 2010-12-15 22:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-02 22:19 . 2012-06-21 13:24 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 13:24 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:24 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:24 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 13:24 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 13:24 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 13:24 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 13:24 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 13:24 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 13:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-21 13:24 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 13:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-21 13:24 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-05 08:47 . 2012-04-14 17:47 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-02-22 17:05 2353176 ----a-w- c:\program files (x86)\free-downloads.net\tbfree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Eric Davignon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Eric Davignon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Eric Davignon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-01 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-06-05 2171904]
"InputDirector"="c:\program files (x86)\Input Director\InputDirector.exe" [2010-02-01 475136]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2010-08-03 349632]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-01 109336]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
"CtxfiReg"="CTXFIREG.exe" [2010-07-08 47104]
.
c:\users\Eric Davignon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
3DO - Might and Magic VII Registration.lnk - c:\program files (x86)\3DO\Might and Magic VII\Register\Remind32.exe [2010-6-7 67584]
Dropbox.lnk - c:\users\Eric Davignon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Two Monitor.lnk - c:\users\Eric Davignon\AppData\Roaming\Realtime Soft\UltraMon\Profiles\Two Monitor.umprofile [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-2 1207312]
UltraMon.lnk - c:\windows\Installer\{A9D0CC6D-A00D-486E-ABF3-D9A30B5143E5}\IcoUltraMon.ico [2012-7-11 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Eric Davignon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Eric Davignon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Eric Davignon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Eric Davignon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 2342800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Eric Davignon\AppData\Roaming\Mozilla\Firefox\Profiles\xwmfq2t0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=xfactiv_tech_main
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-3272619200.elitistjerks.com - c:\program files (x86)\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=hex:51,66,7a,6c,4c,1d,38,12,4f,e3,cd,e8,25,43,11,03,de,e9,84,e1,10,7d,4d,5d
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:dd,e5,85,8f,38,0d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,75,b2,12,7d,d5,37,45,9d,d1,39,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,75,b2,12,7d,d5,37,45,9d,d1,39,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\atashost.exe
c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
c:\program files (x86)\Input Director\IDWinService.exe
c:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Input Director\IDVistaService.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-07-31 12:07:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 16:07
.
Pre-Run: 228,256,165,888 bytes free
Post-Run: 228,764,844,032 bytes free
.
- - End Of File - - 2B1E9B01A0DEA990EA55AA9B48076FF3
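The "Reg Loading Points" part of a ComboFix log is the section a responder reads first, and the log above contains the three patterns that usually deserve a closer look: Run values that name a bare executable with no directory (CTXFIHLP.EXE, KHALMNPR.EXE), which Windows resolves through the PATH search order and which a same-named binary planted earlier in that order can therefore replace; autoruns whose target lives under a user-writable location such as AppData; and browser load points (URLSearchHooks, Browser Helper Objects, the IE Toolbar key) such as the free-downloads.net tbfree.dll entry. The following Python script is an added example, not part of the original post and not ComboFix's own code: it parses ComboFix-style registry Run values and Startup-folder .lnk lines and attaches review flags. The sample log is constructed from a handful of lines copied from the log above, and the flag names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the ComboFix "Reg Loading Points" section above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2010-02-22 2353176]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
c:\users\Eric Davignon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Eric Davignon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
Two Monitor.lnk - c:\users\Eric Davignon\AppData\Roaming\Realtime Soft\UltraMon\Profiles\Two Monitor.umprofile [N/A]
'''

# A "[HKEY_...]" header opens a registry key; a "c:\...\Startup\" line opens a startup folder.
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
STARTUP_DIR_RE = re.compile(r'^[a-z]:\\.*\\Startup\\$', re.IGNORECASE)
# "Name"="target" [date size]   (ComboFix sometimes puts a space after the '=')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# Something.lnk - target [date size]
LNK_RE = re.compile(r'^(?P<name>[^\\]+\.lnk) - (?P<target>.+?)\s*\[(?P<meta>[^\]]*)\]$')

BROWSER_HOOK_KEYS = ('urlsearchhooks', 'browser helper objects', '\\internet explorer\\toolbar')
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '%appdata%', '\\users\\public\\')


@dataclass
class Entry:
    location: str            # registry key or startup folder the entry loads from
    name: str
    target: str
    flags: list = field(default_factory=list)


def parse_entries(text):
    """Walk a ComboFix 'Reg Loading Points' dump and collect (location, name, target) entries."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if KEY_RE.match(line):
            location = line[1:-1]
            continue
        if STARTUP_DIR_RE.match(line):
            location = line
            continue
        m = VALUE_RE.match(line) or LNK_RE.match(line)
        if m and location:
            entries.append(Entry(location, m.group('name'), m.group('target')))
    return entries


def triage(entries):
    """Attach review flags to each entry; returns only the entries that received at least one."""
    flagged = []
    for e in entries:
        flags = []
        target, loc = e.target.lower(), e.location.lower()
        if not target or target == '(no file)':
            flags.append('missing_target')
        elif '\\' not in target:
            # Bare file name: resolved through the PATH search order at logon, so a
            # same-named binary placed earlier in that order is what actually runs.
            flags.append('bare_filename_path_lookup')
        if any(p in target for p in USER_WRITABLE):
            flags.append('user_writable_location')
        if any(k in loc for k in BROWSER_HOOK_KEYS):
            flags.append('browser_hook')
        e.flags = flags
        if flags:
            flagged.append(e)
    return flagged


if __name__ == '__main__':
    for e in triage(parse_entries(SAMPLE_LOG)):
        print(f"{', '.join(e.flags):40} {e.name!r} -> {e.target}\n    from {e.location}")
```

Run against the sample, the script leaves TeaTimer and Skype alone and reports the two bare-filename Run values, the two Startup shortcuts that point into AppData, and the tbfree.dll URLSearchHook. A flag is a reason to look, not a verdict: Dropbox legitimately runs from AppData, and CTXFIHLP.EXE is a Creative audio helper that happens to be registered without a path.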
-
Hello, I ran ComboFix - it rebooted my computer and is now seemingly stuck on a black screen with the command prompt Administrator: ComboFix and it's just saying "Please wait." It has been "stuck" here for about 30 minutes. Is this typical? I didn't see that it was typical to auto restart the program. Thanks!
-
Thanks for the continued help. Below is the text.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-31 07:12:30 Run:1
Running from E:\

==============================================

C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7} moved successfully.
C:\Users\Eric Davignon\AppData\Local\{01a92766-5d95-73d4-cde5-504f9c291fa7} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
-
Results (First and then Search) below:

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 22:24:56
Running from E:\
Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2342800 2009-06-01] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r [2171904 2009-06-05] (VIA)
HKLM-x32\...\Run: [InputDirector] "C:\Program Files (x86)\Input Director\InputDirector.exe" /hide [475136 2010-02-01] ()
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-06-04] (Garmin)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [349632 2010-08-03] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Eric Davignon\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Eric Davignon\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [5252408 2010-06-01] (Yahoo! Inc.)
HKU\Eric Davignon\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Eric Davignon\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [33120 2009-11-15] (Alcohol Soft Development Team)
HKU\Eric Davignon\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [574296 2012-03-06] (IObit)
HKU\Eric Davignon\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Eric Davignon\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [196608 2004-04-17] (InstallShield Software Corporation)
HKU\Eric Davignon\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Eric Davignon\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-06-01] (Siber Systems)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{A9D0CC6D-A00D-486E-ABF3-D9A30B5143E5}\IcoUltraMon.ico ()
Startup: C:\Users\Eric Davignon\Start Menu\Programs\Startup\3DO - Might and Magic VII Registration.lnk
ShortcutTarget: 3DO - Might and Magic VII Registration.lnk -> C:\Program Files (x86)\3DO\Might and Magic VII\Register\Remind32.exe (IntelliQuest Communications, Inc.)
Startup: C:\Users\Eric Davignon\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Eric Davignon\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Eric Davignon\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Eric Davignon\Start Menu\Programs\Startup\Two Monitor.lnk
ShortcutTarget: Two Monitor.lnk -> C:\Windows\System32\config\systemprofile\AppData\Roaming\Realtime Soft\UltraMon\Profiles\Two Monitor.umprofile (No File)

==================== Services (Whitelisted) ======

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)
2 atashost; "C:\Windows\SysWOW64\atashost.exe" [20376 2009-03-06] (WebEx Communications, Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2010-02-13] (Creative Labs)
3 IDVistaService; C:\Program Files (x86)\Input Director\IDVistaService.exe [13824 2009-02-07] ()
2 InputDirector; C:\Program Files (x86)\Input Director\IDWinService.exe [36864 2010-02-01] ()
2 nmservice; "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [647216 2009-07-07] (Cisco Systems, Inc.)
2 ppped; "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe" [923072 2010-08-12] (Cyber Power Systems, Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 sprtsvc_ddoctorv2; "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)

========================== Drivers (Whitelisted) =============

2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [14392 2007-12-17] ()
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [117328 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
3 DCamUSBET; C:\Windows\System32\DRIVERS\etDevice64.sys [527744 2007-07-23] (eMPIA Technology, Inc.)
3 FiltUSBET; C:\Windows\System32\DRIVERS\etFilter64.sys [281088 2007-06-14] (eMPIA Technology Inc.)
3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)
3 L8042Kbd; C:\Windows\System32\Drivers\L8042Kbd.sys [30736 2009-06-17] (Logitech, Inc.)
3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [21504 2010-06-24] (http://libusb-win32.sourceforge.net)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-10-31] ()
3 ScanUSBET; C:\Windows\System32\DRIVERS\etScan64.sys [9216 2007-07-23] (eMPIA Technology, Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-25] (Duplex Secure Ltd.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-30 22:24 - 2012-07-30 22:24 - 00000000 ____D C:\FRST
2012-07-30 16:39 - 2012-07-30 16:39 - 00002381 ____A C:\Users\Eric Davignon\Desktop\RKreport[1].txt
2012-07-30 16:39 - 2012-07-30 16:39 - 00000000 ____D C:\Users\Eric Davignon\Desktop\RK_Quarantine
2012-07-30 16:38 - 2012-07-30 16:38 - 01552384 ____A C:\Users\Eric Davignon\Desktop\RogueKiller.exe
2012-07-30 16:13 - 2012-07-30 16:13 - 00029617 ____A C:\Users\Eric Davignon\Desktop\DDS.txt
2012-07-30 16:13 - 2012-07-30 16:13 - 00012317 ____A C:\Users\Eric Davignon\Desktop\Attach.txt
2012-07-30 16:08 - 2012-07-30 16:08 - 00607260 ____R (Swearware) C:\Users\Eric Davignon\Desktop\dds.com
2012-07-30 16:08 - 2012-07-30 16:08 - 00607260 ____A (Swearware) C:\Users\Eric Davignon\Downloads\dds.com
2012-07-30 12:49 - 2012-07-30 16:04 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-07-30 09:11 - 2012-07-30 09:11 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-24 11:40 - 2012-07-24 11:40 - 00000000 ____D C:\Windows\Sun
2012-07-23 18:31 - 2012-07-23 18:31 - 00809328 ____A (AirInstaller Inc.) C:\Users\Eric Davignon\Desktop\setup(1).exe
2012-07-23 18:30 - 2012-07-23 18:39 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2012-07-23 18:27 - 2012-07-23 18:27 - 00809328 ____A (AirInstaller Inc.)
C:\Users\Eric Davignon\Desktop\setup.exe 2012-07-11 19:05 - 2012-07-11 19:05 - 00000000 ____D C:\Users\All Users\Realtime Soft 2012-07-11 19:05 - 2012-07-11 19:05 - 00000000 ____D C:\Program Files\UltraMon 2012-07-11 03:41 - 2012-07-11 03:41 - 00000000 ____D C:\Users\All Users\ATI 2012-07-11 03:41 - 2012-07-11 03:41 - 00000000 ____D C:\Program Files (x86)\AMD APP 2012-07-10 23:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-10 23:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-10 23:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-10 23:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-10 23:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-10 23:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-10 23:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-10 23:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-10 23:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-10 23:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-10 23:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-10 23:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-10 23:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-10 23:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-10 23:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 
2012-07-10 23:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-10 23:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-10 23:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-10 23:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-10 23:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-10 23:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-10 23:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-10 23:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-10 23:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-10 23:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-10 23:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-10 23:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-10 23:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-10 23:01 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-10 15:48 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-10 15:48 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-10 15:48 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-10 15:48 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-10 15:48 - 2012-06-05 08:22 - 01869824 
____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-10 15:48 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-10 15:48 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-10 15:48 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-10 15:48 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-10 15:48 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-10 15:48 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-10 15:48 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-07 09:27 - 2012-07-07 09:27 - 00266632 ____A (Realtime Soft Ltd) C:\Windows\UltraMon.scr 2012-07-03 17:53 - 2012-07-03 17:53 - 00082312 ____A (Realtime Soft Ltd) C:\Windows\SysWOW64\UltraMonHook.dll 2012-07-03 17:52 - 2012-07-03 17:52 - 00338824 ____A (Realtime Soft Ltd) C:\Windows\SysWOW64\UltraMon.dll 2012-07-03 14:07 - 2012-07-03 14:07 - 04615016 ____A (Garmin International) C:\Users\Eric Davignon\Desktop\GarminMapUpdater_v3.1.14.exe ============ 3 Months Modified Files ======================== 2012-07-30 18:12 - 2006-11-02 07:42 - 00032656 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-30 18:12 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-30 18:12 - 2006-11-02 07:22 - 00004112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-30 18:12 - 2006-11-02 07:22 - 00004112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-30 18:10 - 2008-01-20 17:53 - 01685528 ____A C:\Windows\WindowsUpdate.log 2012-07-30 16:39 - 2012-07-30 16:39 - 00002381 ____A C:\Users\Eric Davignon\Desktop\RKreport[1].txt 2012-07-30 
16:38 - 2012-07-30 16:38 - 01552384 ____A C:\Users\Eric Davignon\Desktop\RogueKiller.exe 2012-07-30 16:13 - 2012-07-30 16:13 - 00029617 ____A C:\Users\Eric Davignon\Desktop\DDS.txt 2012-07-30 16:13 - 2012-07-30 16:13 - 00012317 ____A C:\Users\Eric Davignon\Desktop\Attach.txt 2012-07-30 16:08 - 2012-07-30 16:08 - 00607260 ____R (Swearware) C:\Users\Eric Davignon\Desktop\dds.com 2012-07-30 16:08 - 2012-07-30 16:08 - 00607260 ____A (Swearware) C:\Users\Eric Davignon\Downloads\dds.com 2012-07-30 16:03 - 2012-04-16 20:39 - 00225118 ____A C:\Windows\PFRO.log 2012-07-30 12:49 - 2012-03-06 11:44 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-30 09:57 - 2012-03-28 14:51 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-30 09:57 - 2011-06-05 05:50 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-30 09:53 - 2009-09-01 11:39 - 00327680 ____A C:\Windows\System32\Ikeext.etl 2012-07-30 09:51 - 2011-10-02 14:33 - 00253430 ____A C:\Users\Eric Davignon\Desktop\DoA Spreadsheet2.ods 2012-07-27 14:41 - 2006-11-02 04:46 - 00756338 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-27 09:45 - 2010-05-07 07:33 - 00043171 ____A C:\Users\Eric Davignon\Documents\Housing budget.ods 2012-07-27 03:22 - 2010-07-02 06:52 - 00000680 ____A C:\Users\Eric Davignon\AppData\Local\d3d9caps.dat 2012-07-23 18:31 - 2012-07-23 18:31 - 00809328 ____A (AirInstaller Inc.) C:\Users\Eric Davignon\Desktop\setup(1).exe 2012-07-23 18:27 - 2012-07-23 18:27 - 00809328 ____A (AirInstaller Inc.) 
C:\Users\Eric Davignon\Desktop\setup.exe 2012-07-10 23:27 - 2006-11-02 07:21 - 00424024 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-10 23:05 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2012-07-07 09:27 - 2012-07-07 09:27 - 00266632 ____A (Realtime Soft Ltd) C:\Windows\UltraMon.scr 2012-07-03 17:53 - 2012-07-03 17:53 - 00082312 ____A (Realtime Soft Ltd) C:\Windows\SysWOW64\UltraMonHook.dll 2012-07-03 17:52 - 2012-07-03 17:52 - 00338824 ____A (Realtime Soft Ltd) C:\Windows\SysWOW64\UltraMon.dll 2012-07-03 16:27 - 2011-09-22 12:27 - 00001879 ____A C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk 2012-07-03 14:07 - 2012-07-03 14:07 - 04615016 ____A (Garmin International) C:\Users\Eric Davignon\Desktop\GarminMapUpdater_v3.1.14.exe 2012-07-03 09:46 - 2010-12-15 14:37 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-17 13:02 - 2012-06-17 13:02 - 00000949 ____A C:\Users\Eric Davignon\Desktop\Dropbox.lnk 2012-06-13 20:38 - 2010-05-30 00:37 - 00249971 ____A C:\Users\Eric Davignon\Documents\Home payoff schedule.ods 2012-06-13 05:58 - 2012-07-10 23:01 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-12 13:59 - 2012-06-12 13:59 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-11 09:50 - 2012-06-11 09:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 00187392 ____A C:\Windows\System32\clinfo.exe 2012-06-11 09:50 - 2012-06-11 09:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 00056320 ____A (Advanced Micro Devices Inc.) 
C:\Windows\SysWOW64\OVDecode.dll 2012-06-11 09:49 - 2012-06-11 09:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2012-06-08 09:59 - 2012-07-10 15:48 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 09:47 - 2012-07-10 15:48 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 16:34 - 2011-07-29 10:01 - 00001866 ____A C:\Users\Public\Desktop\Safari.lnk 2012-06-05 16:33 - 2012-06-05 16:33 - 00001756 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-06-05 08:47 - 2012-07-10 15:48 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 08:47 - 2012-07-10 15:48 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 08:22 - 2012-07-10 15:48 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 08:22 - 2012-07-10 15:48 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-04 07:29 - 2012-07-10 15:48 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-02 14:19 - 2012-06-21 05:24 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-21 05:24 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-21 05:24 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2012-06-02 14:19 - 2012-06-21 05:24 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-21 05:24 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-21 05:24 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:19 - 2012-06-21 05:24 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2012-06-02 14:15 - 2012-06-21 05:24 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-21 05:24 - 
00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 14:12 - 2012-06-21 05:24 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2012-06-02 11:19 - 2012-06-21 05:24 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:19 - 2012-06-21 05:24 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2012-06-02 11:15 - 2012-06-21 05:24 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 11:12 - 2012-06-21 05:24 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2012-06-02 04:49 - 2012-07-10 23:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-10 23:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-10 23:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-10 23:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-10 23:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-10 23:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-10 23:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 04:03 - 2012-07-10 23:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 04:01 - 2012-07-10 23:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 04:00 - 2012-07-10 23:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 03:59 - 2012-07-10 23:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 03:57 - 2012-07-10 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 03:57 - 2012-07-10 23:02 - 00096768 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtmled.dll 2012-06-02 03:54 - 2012-07-10 23:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 01:07 - 2012-07-10 23:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 00:43 - 2012-07-10 23:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 00:33 - 2012-07-10 23:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 00:26 - 2012-07-10 23:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 00:25 - 2012-07-10 23:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 00:25 - 2012-07-10 23:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 00:23 - 2012-07-10 23:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 00:21 - 2012-07-10 23:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 00:20 - 2012-07-10 23:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 00:19 - 2012-07-10 23:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 00:19 - 2012-07-10 23:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 00:17 - 2012-07-10 23:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 00:16 - 2012-07-10 23:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 00:14 - 2012-07-10 23:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-01 16:22 - 2012-07-10 15:48 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 16:22 - 2012-07-10 15:48 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 16:05 - 2012-07-10 15:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 
16:04 - 2012-07-10 15:48 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 16:03 - 2012-07-10 15:48 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 03:09 - 2012-03-29 02:06 - 12356400 ____A (Siber Systems) C:\Users\Eric Davignon\Desktop\AiRoboForm-cnetc.exe 2012-05-26 15:40 - 2011-07-06 16:25 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk 2012-05-15 00:37 - 2012-05-15 00:20 - 00000979 ____A C:\Users\Public\Desktop\Diablo III.lnk 2012-05-15 00:20 - 2012-05-15 00:20 - 00365172 ____A C:\Users\Eric Davignon\AppData\Local\dd_vcredistMSI130D.txt 2012-05-15 00:20 - 2012-05-15 00:20 - 00218026 ____A C:\Users\Eric Davignon\AppData\Local\dd_vcredistUI130D.txt 2012-05-14 20:51 - 2012-05-14 20:51 - 00366324 ____A C:\Users\Eric Davignon\AppData\Local\dd_vcredistMSI72D6.txt 2012-05-14 20:51 - 2012-05-14 20:50 - 00214474 ____A C:\Users\Eric Davignon\AppData\Local\dd_vcredistUI72D6.txt 2012-05-07 14:34 - 2012-05-07 14:34 - 00000000 ____A C:\Windows\setuperr.log 2012-05-07 14:34 - 2012-05-07 14:34 - 00000000 ____A C:\Windows\setupact.log 2012-05-05 00:47 - 2012-04-14 09:47 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe ZeroAccess: C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7} C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\@ C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\L C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\L\00000004.@ C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\L\201d3dde C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U\00000004.@ C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U\00000008.@ C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U\000000cb.@ C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U\80000000.@ 
C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U\80000032.@ C:\Windows\Installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U\80000064.@ ZeroAccess: C:\Users\Eric Davignon\AppData\Local\{01a92766-5d95-73d4-cde5-504f9c291fa7} C:\Users\Eric Davignon\AppData\Local\{01a92766-5d95-73d4-cde5-504f9c291fa7}\@ C:\Users\Eric Davignon\AppData\Local\{01a92766-5d95-73d4-cde5-504f9c291fa7}\L C:\Users\Eric Davignon\AppData\Local\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!. 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 15% Total physical RAM: 4094.23 MB Available physical RAM: 3457.13 MB Total Pagefile: 3825.41 MB Available Pagefile: 3437.32 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:596.17 GB) (Free:204.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF 3 Drive e: () (Removable) (Total:0.46 GB) (Free:0.46 GB) FAT 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 596 GB 596 GB Disk 1 Online 596 GB 0 B Disk 2 Online 471 MB 0 B Partitions of Disk 0: =============== There are no partitions on this disk to show. 
================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 596 GB 1024 KB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C NTFS Partition 596 GB Healthy ================================================================================== Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 471 MB 32 KB ================================================================================== Disk: 2 Partition 1 Type : 0E Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 E FAT Removable 471 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-30 16:12 ======================= End Of Log ========================== Farbar Recovery Scan Tool Version: 25-07-2012 01 Ran by SYSTEM at 2012-07-30 22:26:21 Running from E:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [2009-09-01 11:11] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe [2009-09-01 11:11] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3 C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719 C:\Windows\SysWOW64\services.exe [2009-09-01 11:11] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B C:\Windows\System32\services.exe [2009-09-01 11:11] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229 ====== End Of Search ======
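The "Bamital & volsnap Check" and the services.exe search in the FRST log above are the evidence that services.exe was patched in place rather than replaced: the live 64-bit copy in System32 has exactly the size of the WinSxS copies (384512 bytes) but a hash that matches none of them, while the 32-bit copy in SysWOW64 matches its component-store copy byte for byte. The script below is an added example and is not part of FRST or of the original post. It repeats that comparison over the six search-result lines from the log (reconstructed one per line as constructed input) and names the component-store copy a clean replacement would be taken from. The "same size, different hash means patched" rule, the `arch_of` path heuristic and the version-from-folder-name parsing are this example's own assumptions, not FRST's documented logic.

```python
import hashlib
import re
from collections import defaultdict

# Constructed input: the six result lines of the FRST "Search: services.exe" block above,
# one per line. Sizes and MD5s are the ones the log reports.
FRST_SEARCH = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [2009-09-01 11:11] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe [2009-09-01 11:11] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe [2009-09-01 11:11] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe [2009-09-01 11:11] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
"""

# One result line: path [created] - [modified] - size attrs (company) MD5
LINE_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Assumed: the component version sits between underscores in the WinSxS folder name,
# e.g. _6.0.6002.18005_
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def parse_search(text):
    """Turn FRST search-result lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def arch_of(path):
    """Assumed layout of x64 Windows: System32 holds the 64-bit file, SysWOW64 the 32-bit one."""
    p = path.lower()
    if "\\winsxs\\amd64_" in p or "\\system32\\" in p:
        return "amd64"
    if "\\winsxs\\x86_" in p or "\\syswow64\\" in p:
        return "x86"
    return "unknown"


def is_store_copy(e):
    return "\\winsxs\\" in e["path"].lower()


def check_live_copies(entries):
    """Compare every live copy with the WinSxS copies of the same architecture.
    Same size as a store copy but a hash matching none of them is the in-place-patch signature."""
    store = defaultdict(set)  # arch -> {(size, md5)} of component-store copies
    for e in entries:
        if is_store_copy(e):
            store[arch_of(e["path"])].add((e["size"], e["md5"]))
    verdicts = {}
    for e in entries:
        if is_store_copy(e):
            continue
        known = store[arch_of(e["path"])]
        if (e["size"], e["md5"]) in known:
            verdicts[e["path"]] = "ok"
        elif any(size == e["size"] for size, _ in known):
            verdicts[e["path"]] = "patched"
        else:
            verdicts[e["path"]] = "unknown"  # nothing of that architecture to compare against
    return verdicts


def restore_source(entries, live_path):
    """Newest WinSxS copy with the live file's architecture: the one a replacement comes from."""
    arch = arch_of(live_path)
    candidates = [e for e in entries if is_store_copy(e) and arch_of(e["path"]) == arch]

    def version(e):
        m = VERSION_RE.search(e["path"])
        return tuple(int(x) for x in m.group(1).split(".")) if m else (0,)

    return max(candidates, key=version, default=None)


def md5_of(path):
    """Hash a file on a live system the same way, e.g. to re-check after a replacement."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    entries = parse_search(FRST_SEARCH)
    for path, verdict in check_live_copies(entries).items():
        line = f"{path}: {verdict}"
        if verdict == "patched":
            line += f"  (replace from {restore_source(entries, path)['path']})"
        print(line)
```

Run stand-alone it reports the System32 copy as patched and points at the 6.0.6002.18005 amd64 copy, and the SysWOW64 copy as ok. The size check matters: a file that is merely a different build would usually differ in size too, so "same size, different hash" is the narrower signal worth acting on before overwriting a system binary.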
-
Below is the report, thanks!

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Eric Davignon [Admin rights]
Mode: Scan -- Date: 07/30/2012 20:39:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] Two Monitor.lnk @Eric Davignon : C:\Users\Eric Davignon\AppData\Roaming\Realtime Soft\UltraMon\Profiles\Two Monitor.umprofile -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Eric Davignon\AppData\Local\{01a92766-5d95-73d4-cde5-504f9c291fa7}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{01a92766-5d95-73d4-cde5-504f9c291fa7}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\eric davignon\appdata\local\{01a92766-5d95-73d4-cde5-504f9c291fa7}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\eric davignon\appdata\local\{01a92766-5d95-73d4-cde5-504f9c291fa7}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\eric davignon\appdata\local\{01a92766-5d95-73d4-cde5-504f9c291fa7}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6401AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] NOT VALID
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD6401AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] f0802070b7c615de8578a3763ffc9305
[BSP] 9fd8f471a34670734ac1ebb95cc33876 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
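The RogueKiller report above (and the FRST listing in the later post) show the file-system side of this infection: a GUID-named folder, present both under C:\Windows\Installer and under the user's AppData\Local, that contains a file literally named "@" plus "L" and "U" subfolders, and a Desktop.ini dropped directly into the GAC_32 and GAC_64 folders of C:\Windows\assembly. The registry entry (an InprocServer32 value pointing into that folder) is the part a file walk cannot see. The script below is an added example, not RogueKiller's code and not part of the original post: it builds a throw-away directory tree that mirrors the paths in the logs (empty placeholder files, nothing executable), then walks it and reports those two indicators. The "any GUID-named folder with @, L and U" rule generalises from the single GUID the logs show and is this example's assumption; UltraMon's legitimate GUID folder from the same log is included as the negative case that must not be flagged.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed naming rule, generalised from the one GUID the logs show.
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)


def looks_like_zeroaccess_store(d: Path) -> bool:
    """GUID-named folder holding a file named '@' plus 'L' and 'U' subfolders,
    the layout RogueKiller and FRST list above."""
    return (GUID_DIR.match(d.name) is not None
            and (d / "@").is_file()
            and (d / "L").is_dir()
            and (d / "U").is_dir())


def scan(root: Path):
    """Walk root and return sorted (indicator, path) pairs for the two file-system
    indicators in the logs: the @/L/U store and Desktop.ini directly under GAC_32/GAC_64."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        if looks_like_zeroaccess_store(d):
            findings.append(("zeroaccess_store", str(d)))
            dirnames[:] = []  # the payload files under it are covered by this one finding
            continue
        if d.name.lower() in ("gac_32", "gac_64") and d.parent.name.lower() == "assembly":
            for name in filenames:
                if name.lower() == "desktop.ini":
                    findings.append(("gac_desktop_ini", str(d / name)))
    return sorted(findings)


def build_sample_tree(base: Path) -> Path:
    """Constructed tree mirroring the paths in the logs (empty placeholders, no malware).
    UltraMon's legitimate GUID folder from the FRST log is the negative case."""
    guid = "{01a92766-5d95-73d4-cde5-504f9c291fa7}"
    for store in (base / "Windows" / "Installer" / guid,
                  base / "Users" / "Eric Davignon" / "AppData" / "Local" / guid):
        (store / "L").mkdir(parents=True)
        (store / "U").mkdir()
        (store / "@").write_bytes(b"")
        (store / "U" / "00000004.@").write_bytes(b"")
    for gac in ("GAC_32", "GAC_64"):
        p = base / "Windows" / "assembly" / gac
        p.mkdir(parents=True)
        (p / "Desktop.ini").write_text("[.ShellClassInfo]\n")
    legit = base / "Windows" / "Installer" / "{A9D0CC6D-A00D-486E-ABF3-D9A30B5143E5}"
    legit.mkdir(parents=True)
    (legit / "IcoUltraMon.ico").write_bytes(b"")
    return base


def demo():
    """Build the sample tree in a temp dir, scan it, return findings relative to the root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp))
        return [(kind, os.path.relpath(path, root)) for kind, path in scan(root)]


if __name__ == "__main__":
    for kind, rel in demo():
        print(f"{kind:18} {rel}")
```

Pointed at a real C:\ (as an administrator, and ideally from offline media as the FRST run above was) `scan` returns the same four kinds of hit the tools reported here. Note that it only confirms the folder layout; whether the "@" payload is live, and the COM hijack in the registry, still need the tool output or a registry check.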
-
Hello, I have received this specific item from Malwarebytes. However, every time I try to get rid of it and reboot, it still shows up, and AVG mentions that I am infected with other items. Malwarebytes seems to have fixed windows\assembly\GAC_64\desktop.ini and windows\assembly\GAC_32\desktop.ini, and I still get messages from AVG for: trojan horse patched_c.lzi. I have seen other steps in other postings; however, I don't know if there are additional items I should be doing instead, so I'm starting fresh. Attached are the logs that are requested from the forum. Thanks for any and all help you can provide!

Attach.txt
DDS.txt