aphonopelma

Members
  • Content count: 10
About aphonopelma

  • Rank: New Member
  1. Sorry for the delay. That cleared up the issue. Is there anything else I should do?
  2. Gringo, I reset Firefox as described and rebooted. No change - "URL isn't valid" error message upon opening Firefox.
  3. Gringo - After running the fix as the infected user and rebooting, I do not get error messages anymore when I log in as the infected user. However, upon opening Firefox, I am still getting the same error (The address isn't valid. The URL is not valid and cannot be loaded.). Here is the log:

     ========== OTL ==========
     64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-756401148-3036523818-2876014262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lobilqbr deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-756401148-3036523818-2876014262-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YYIYHA deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
     File Protocol\Handler\ms-help - No CLSID value found not found.
     64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Chris\Desktop\cmd.bat deleted successfully.
     C:\Users\Chris\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     [EMPTYJAVA]
     User: Admin
     ->Java cache emptied: 0 bytes
     User: All Users
     User: Chris
     ->Java cache emptied: 0 bytes
     User: Default
     User: Default User
     User: Owner
     ->Java cache emptied: 0 bytes
     User: Public
     Total Java Files Cleaned = 0.00 mb
     [EMPTYFLASH]
     User: Admin
     ->Flash cache emptied: 7013 bytes
     User: All Users
     User: Chris
     ->Flash cache emptied: 57103 bytes
     User: Default
     ->Flash cache emptied: 56475 bytes
     User: Default User
     ->Flash cache emptied: 0 bytes
     User: Owner
     ->Flash cache emptied: 57011 bytes
     User: Public
     Total Flash Files Cleaned = 0.00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 02082013_123912
  4. OTL logfile created on: 2/8/2013 11:31:22 AM - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
     64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     3.75 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 66.83% Memory free
     7.50 Gb Paging File | 6.00 Gb Available in Paging File | 80.10% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 596.17 Gb Total Space | 492.70 Gb Free Space | 82.64% Space Free | Partition Type: NTFS
     Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
     Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========
     PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
     PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
     PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
     PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
     PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
     PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
     PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
     PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
     PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()

     ========== Modules (No Company Name) ==========
     MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll ()
     MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
     MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
     MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
     MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\816e1f3b6d8812d4ae88c13e12192412\System.Xml.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
     MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
     MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
     MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
     MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()
     MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
     MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll ()
     MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
     MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
     MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll ()
     MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
     MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

     ========== Services (SafeList) ==========
     SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
     SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
     SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
     SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
     SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
     SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
     SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
     SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
     SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
     SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
     SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
     SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

     ========== Driver Services (SafeList) ==========
     DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
     DRV:64bit: - (DroidCam) -- C:\Windows\SysNative\drivers\droidcam.sys (Dev47Apps)
     DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
     DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
     DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
     DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
     DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
     DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
     DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
     DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
     DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
     DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
     DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
     DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
     DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
     DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
     DRV:64bit: - (VST64_DPV) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
     DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
     DRV:64bit: - (VST64HWBS2) -- C:\Windows\SysNative\drivers\VSTBS26.SYS (Conexant Systems, Inc.)
     DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
     DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
     DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
     DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
     DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
     DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========
     IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
     IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKLM\..\SearchScopes,DefaultScope =
     IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
     IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB E2 58 09 F0 F8 CD 01 [binary data]
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1000\..\SearchScopes,DefaultScope =
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 7B 2E 0D A8 04 CE 01 [binary data]
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     IE - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     ========== FireFox ==========
     FF - prefs.js..extensions.enabledAddons: %7B6bdc61ae-7b80-44a3-9476-e1d121ec2238%7D:0.85
     FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1211
     FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
     FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
     FF - user.js - File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
     FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
     FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/29 22:22:40 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     [2012/11/18 07:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
     [2013/02/06 19:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions
     [2012/12/29 10:39:31 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\donottrackplus@abine.com
     [2013/01/02 15:21:33 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
     [2012/11/18 08:13:07 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
     [2013/01/29 22:17:53 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
     [2012/12/29 10:39:17 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
     [2012/12/11 12:26:03 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
     [2013/01/19 02:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
     [2013/01/19 02:30:34 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
     [2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
     [2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

     ========== Chrome ==========
     CHR - default_search_provider: Google (Enabled)
     CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
     CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
     CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
     CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
     CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
     CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
     CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
     CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
     CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
     CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
     CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
     CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

     O1 HOSTS File: ([2013/02/07 01:58:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
     O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
     O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
     O4 - HKU\S-1-5-21-756401148-3036523818-2876014262-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
     O4 - HKU\S-1-5-21-756401148-3036523818-2876014262-1001..\Run: [lobilqbr] rundll32 "C:\Users\Chris\AppData\Roaming\cryptbaseo.dll",Iqvp File not found
     O4 - HKU\S-1-5-21-756401148-3036523818-2876014262-1001..\Run: [YYIYHA] rundll32 "C:\Users\Chris\AppData\Roaming\cttunei.dll",Okad File not found
     O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
     O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-756401148-3036523818-2876014262-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-756401148-3036523818-2876014262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-21-756401148-3036523818-2876014262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O7 - HKU\S-1-5-21-756401148-3036523818-2876014262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
     O7 - HKU\S-1-5-21-756401148-3036523818-2876014262-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
     O7 - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
     O7 - HKU\S-1-5-21-756401148-3036523818-2876014262-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
     O13 - gopher Prefix: missing
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B4FB22D-0E6D-42F4-BAA8-77F2153CDF61}: DhcpNameServer = 192.168.42.129
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E4DDDE-F100-4D78-B172-4D961B6A0733}: DhcpNameServer = 192.168.2.1
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4D73EF4-69AE-4936-BA8F-960FCA7BEE5A}: DhcpNameServer = 192.168.1.1
     O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
     O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
     O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
     O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
     O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2009/01/13 13:36:04 | 000,000,194 | R--- | M] () - D:\autorun.inf -- [ UDF ]
     O34 - HKLM BootExecute: (autocheck autochk *)
     O35:64bit: - HKLM\..comfile [open] -- "%1" %*
     O35:64bit: - HKLM\..exefile [open] -- "%1" %*
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
     O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
     O37 - HKLM\...com [@ = ComFile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
     O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

     ========== Files/Folders - Created Within 30 Days ==========
     [2013/02/08 00:18:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
     [2013/02/08 00:15:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
     [2013/02/07 01:52:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
     [2013/02/07 01:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
     [2013/02/07 01:52:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
     [2013/02/07 01:52:11 | 000,000,000 | ---D | C] -- C:\Qoobox
     [2013/02/07 01:51:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
     [2013/02/07 01:47:48 | 005,030,883 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
     [2013/02/06 23:35:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
     [2013/02/06 18:15:14 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
     [2013/02/06 17:10:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CrashDumps
     [2013/02/06 16:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
     [2013/02/06 15:53:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
     [2013/02/06 15:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
     [2013/02/06 10:07:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NPE
     [2013/02/06 10:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
     [2013/01/29 23:51:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
     [2013/01/29 23:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
     [2013/01/29 23:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
     [2013/01/29 23:51:46 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
     [2013/01/29 23:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
     [2013/01/29 23:51:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
     [2013/01/29 23:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
     [2013/01/29 22:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
     [2013/01/29 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
     [2013/01/29 22:22:58 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
     [2013/01/29 22:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
     [2013/01/29 22:20:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\LavasoftStatistics
     [2013/01/29 22:20:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Ad-Aware Antivirus
     [2013/01/29 00:29:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AccurateRip
     [2013/01/29 00:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
     [2013/01/29 00:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
     [2013/01/29 00:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sox-14-4-0
     [2013/01/29 00:28:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sox-14.4.0
     [2013/01/29 00:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sox-14.4.0
     [2013/01/24 13:47:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
     [2013/01/24 13:34:25 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5C12.dll
     [2013/01/24 13:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
     [2013/01/24 13:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
     [2013/01/24 13:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
     [2013/01/24 13:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
     [2013/01/24 13:33:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\HP
     [2013/01/22 18:22:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\foobar2000
     [2013/01/22 18:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
     [2013/01/19 02:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
     [2013/01/15 12:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
     [2013/01/15 12:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
     [2013/01/15 12:19:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
     [2013/01/09 15:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
     [2013/01/09 15:04:17 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
     [2013/01/09 15:04:17 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
     [2013/01/09 13:15:15 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
     [2013/01/09 13:15:15 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
     [2013/01/09 13:15:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
     [2013/01/09 13:15:02 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
     [2013/01/09 13:14:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
     [2013/01/09 13:14:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
     [2013/01/09 13:14:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
     [2013/01/09 13:14:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
     [2013/01/09 13:14:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
     [2013/01/09 13:14:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
     [2013/01/09 13:14:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
     [2013/01/09 13:14:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
     [2013/01/09 13:14:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
     [2013/01/09 13:14:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
     [2013/01/09 13:14:56 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
     [2013/01/09 13:14:56 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
     [2013/01/09 13:14:56 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
     [2013/01/09 13:14:56 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
     [2013/01/09 13:14:56 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
     [2013/01/09 13:14:56 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
     [2013/01/09 13:14:55 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
     [2013/01/09 13:14:55 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
     [2013/01/09 13:14:55 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
     [2013/01/09 13:14:55 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
     [2013/01/09 13:14:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
     [2013/01/09 13:14:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
     [2013/01/09 13:14:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
     [2013/01/09 13:14:55 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
     [2013/01/09 13:14:54 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
     [2013/01/09 13:14:54 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
     [2013/01/09 13:14:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
     [2013/01/09 13:14:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
     [2013/01/09 13:14:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
     [2013/01/09 13:14:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
     [2013/01/09 13:14:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
     [2013/01/09 13:14:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
     [2013/01/09 13:14:40 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
     [2013/01/09 13:14:39 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
     [2013/01/09 13:14:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
     [2013/01/09 13:14:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
     [2013/01/09 13:14:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
     [2013/01/09 13:14:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
     [2013/01/09 13:14:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
     [2013/01/09 13:14:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
     [2013/01/09 13:14:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
     [2013/01/09 13:14:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
     [2013/01/09 13:14:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
     [2013/01/09 13:14:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
     [2013/01/09 13:14:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
     [2013/01/09 13:14:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
     [2013/01/09 13:14:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
     [2013/01/09 13:14:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
     [2013/01/09 13:14:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
     [2013/01/09 13:14:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
     [2013/01/09 13:14:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
     [2013/01/09 13:14:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
     [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
     [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
     [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
     [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
     [2013/01/09
13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 13:14:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 13:14:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 13:14:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/01/09 13:14:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/09 13:14:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/09 13:14:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/01/09 13:14:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 13:14:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 13:14:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/09 13:14:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/09 13:14:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe ========== Files - Modified Within 30 Days ========== [2013/02/08 11:29:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/08 11:26:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/08 11:26:18 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/08 11:26:18 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/08 11:19:44 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/08 10:51:44 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/08 10:51:44 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/08 10:48:00 | 000,743,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/08 10:48:00 | 000,635,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/08 10:48:00 | 000,111,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/08 10:43:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/08 10:43:34 | 3019,202,560 | -HS- | M] () -- C:\hiberfil.sys [2013/02/07 01:58:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/02/07 01:47:30 | 005,030,883 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe [2013/02/06 20:52:40 | 000,778,240 | ---- | M] () -- 
C:\Users\Owner\Desktop\RogueKiller.exe [2013/02/06 20:51:57 | 000,582,209 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe [2013/02/06 20:50:59 | 000,881,914 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe [2013/02/06 18:14:56 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com [2013/02/06 15:53:09 | 000,003,205 | ---- | M] () -- C:\Users\Owner\Desktop\Sophos Virus Removal Tool.lnk [2013/01/29 23:51:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/29 22:22:57 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013/01/29 11:32:19 | 000,263,813 | ---- | M] () -- C:\Users\Owner\Documents\zombiecat.jpg [2013/01/29 00:29:27 | 000,013,082 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat [2013/01/29 00:29:19 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp [2013/01/29 00:29:16 | 004,022,504 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2013/01/29 00:29:12 | 000,017,950 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2013/01/29 00:28:41 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp [2013/01/29 00:28:07 | 000,001,666 | ---- | M] () -- C:\Users\Owner\Desktop\wget.exe.lnk [2013/01/29 00:28:07 | 000,001,658 | ---- | M] () -- C:\Users\Owner\Desktop\sox.exe.lnk [2013/01/24 13:34:22 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk [2013/01/24 13:34:22 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6700.lnk [2013/01/24 13:33:37 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013/01/23 01:57:15 | 000,107,434 | ---- | M] () -- C:\Users\Owner\Documents\3G3uW.jpg [2013/01/23 01:17:59 | 000,044,464 | ---- | M] () -- C:\Users\Owner\Documents\$(KGrHqNHJE!FDz49LG5NBQ-Yvgw9oQ~~60_12.JPG [2013/01/23 01:17:40 | 
000,032,635 | ---- | M] () -- C:\Users\Owner\Documents\$(KGrHqZHJEsFDzL1Uj2jBQ-YvY!3ZQ~~60_12.JPG [2013/01/23 01:16:34 | 000,039,979 | ---- | M] () -- C:\Users\Owner\Documents\$(KGrHqZHJFcFD258HTzyBQ-YvQwiBw~~60_12.JPG [2013/01/23 01:15:39 | 000,038,285 | ---- | M] () -- C:\Users\Owner\Documents\$T2eC16NHJG!E9nm3o)rwBQ-Yvpb!Mg~~60_12.JPG [2013/01/23 01:15:08 | 000,042,951 | ---- | M] () -- C:\Users\Owner\Documents\$T2eC16JHJHIE9nysd571BQ-YvyLp,Q~~60_12.JPG [2013/01/22 18:22:37 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk [2013/01/21 23:42:08 | 000,035,958 | ---- | M] () -- C:\Users\Owner\Documents\271886-largest_4888.jpg [2013/01/21 23:39:30 | 000,028,016 | ---- | M] () -- C:\Users\Owner\Documents\271880-work-4887.jpg [2013/01/15 15:37:41 | 000,002,279 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/15 12:20:51 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/01/10 03:26:20 | 000,444,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/09 15:03:54 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013/01/09 15:03:54 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll ========== Files Created - No Company Name ========== [2013/02/07 01:52:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/02/07 01:52:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/02/07 01:52:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/02/07 01:52:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/02/07 01:52:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/02/06 20:52:50 | 000,778,240 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe [2013/02/06 20:52:08 | 000,582,209 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe [2013/02/06 20:51:09 | 000,881,914 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe [2013/02/06 
15:53:09 | 000,003,205 | ---- | C] () -- C:\Users\Owner\Desktop\Sophos Virus Removal Tool.lnk [2013/01/29 23:51:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/29 11:32:18 | 000,263,813 | ---- | C] () -- C:\Users\Owner\Documents\zombiecat.jpg [2013/01/29 00:29:27 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp [2013/01/29 00:29:27 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat [2013/01/29 00:29:12 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp [2013/01/29 00:29:12 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2013/01/29 00:29:05 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2013/01/29 00:28:07 | 000,001,666 | ---- | C] () -- C:\Users\Owner\Desktop\wget.exe.lnk [2013/01/29 00:28:07 | 000,001,658 | ---- | C] () -- C:\Users\Owner\Desktop\sox.exe.lnk [2013/01/24 13:34:22 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk [2013/01/24 13:34:22 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6700.lnk [2013/01/24 13:33:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013/01/23 01:57:14 | 000,107,434 | ---- | C] () -- C:\Users\Owner\Documents\3G3uW.jpg [2013/01/23 01:17:58 | 000,044,464 | ---- | C] () -- C:\Users\Owner\Documents\$(KGrHqNHJE!FDz49LG5NBQ-Yvgw9oQ~~60_12.JPG [2013/01/23 01:17:39 | 000,032,635 | ---- | C] () -- C:\Users\Owner\Documents\$(KGrHqZHJEsFDzL1Uj2jBQ-YvY!3ZQ~~60_12.JPG [2013/01/23 01:16:33 | 000,039,979 | ---- | C] () -- C:\Users\Owner\Documents\$(KGrHqZHJFcFD258HTzyBQ-YvQwiBw~~60_12.JPG [2013/01/23 01:15:38 | 000,038,285 | ---- | C] () -- C:\Users\Owner\Documents\$T2eC16NHJG!E9nm3o)rwBQ-Yvpb!Mg~~60_12.JPG [2013/01/23 01:15:07 | 000,042,951 | ---- | C] () -- 
C:\Users\Owner\Documents\$T2eC16JHJHIE9nysd571BQ-YvyLp,Q~~60_12.JPG [2013/01/22 18:22:37 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk [2013/01/22 18:22:37 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk [2013/01/21 23:42:08 | 000,035,958 | ---- | C] () -- C:\Users\Owner\Documents\271886-largest_4888.jpg [2013/01/21 23:39:29 | 000,028,016 | ---- | C] () -- C:\Users\Owner\Documents\271880-work-4887.jpg [2013/01/15 12:20:51 | 000,002,279 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/15 12:20:51 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/01/15 12:19:52 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/15 12:19:51 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/06 16:18:16 | 000,000,031 | ---- | C] () -- C:\ProgramData\droidcam-settings [2012/11/23 15:25:17 | 000,759,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/11/18 08:14:45 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol [2012/11/14 14:52:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  5. Gringo, should I be running this as the admin or the infected user?
  6. Ran ComboFix as Chris, rebooted. Both error messages still present upon booting; Firefox homepage error still present. I ran it without the script we used the 2nd time, since you did not specify to use it. Should I?
  7. Gringo - Thanks for your response. After running the script, nothing has changed from last time, which means:
     - No redirect behavior apparent
     - Every time I log in as "Chris", I get "There was a problem starting C:\Users\Chris\AppData\Roaming\cttunei.dll The specified module could not be found" as well as one for cryptbaseo.dll
     - Chrome is fully functional
     - Firefox still reads "The URL is not valid and cannot be loaded" upon opening; Firefox settings say it should be loading the Firefox home page

     ComboFix 13-02-06.02 - Owner 02/07/2013 20:12:12.2.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2469 [GMT -5:00]
     Running from: c:\users\Owner\Desktop\ComboFix.exe
     Command switches used :: c:\users\Owner\Desktop\CFScript.txt
     AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
     SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
. . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-07 20:27:32 ComboFix-quarantined-files.txt 2013-02-08 01:27 ComboFix2.txt 2013-02-07 07:00 . Pre-Run: 529,482,821,632 bytes free Post-Run: 529,194,127,360 bytes free . - - End Of File - - 8C1D24EA8E6C4C7ACF84DE5BF3E7D9BF
8. Thanks! I've followed your instructions, and here's where I'm at now:
- Chrome is still functioning normally.
- I cannot get Firefox to redirect anything, even with enticing search queries like "buy ipod", but the homepage still reads "The URL is not valid and cannot be loaded" (Firefox settings say it should be loading the Mozilla home page). This started happening when the infection emerged.
- Still cannot check IE.
- When I logged into the "Chris" account, I got: "There was a problem starting C:\Users\Chris\AppData\Roaming\cttunei.dll The specified module could not be found" as well as one for cryptbaseo.dll. Dismissed both.
- I'm not sure whether this is relevant or just a curiosity, but I remembered a detail from last round: the redirect behavior changed. At first, I couldn't induce it. When I did, it was initially redirecting from a Google search result link back to the Google home page. A few links later, it was back to its old behavior, but via a new site (not click.livesearchnow). I couldn't read fast enough to catch exactly what it said, but it looked something like "thedailysatire".
Anyway, here's my log:

ComboFix 13-02-06.02 - Owner 02/07/2013 1:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2538 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Chris\AppData\Roaming\cryptbaseo.dll
c:\users\Chris\AppData\Roaming\cttunei.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
2013-02-07 06:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-07 06:57 . 2013-02-07 06:57 -------- d-----w- c:\users\Chris\AppData\Local\temp 2013-02-07 06:57 . 2013-02-07 06:57 -------- d-----w- c:\users\Admin\AppData\Local\temp 2013-02-07 00:33 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE87BF52-F170-4279-BE4B-3D6C41E624A1}\mpengine.dll 2013-02-06 22:10 . 2013-02-06 22:13 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps 2013-02-06 21:36 . 2013-02-06 21:36 -------- d-----w- c:\programdata\Sophos 2013-02-06 20:53 . 2013-02-06 20:53 73728 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2013-02-06 20:53 . 2013-02-06 20:53 73728 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2013-02-06 20:53 . 2013-02-06 20:53 73728 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2013-02-06 20:52 . 2013-02-06 20:52 -------- d-----w- c:\program files (x86)\Sophos 2013-02-06 15:07 . 2013-02-06 15:15 -------- d-----w- c:\users\Owner\AppData\Local\NPE 2013-02-06 15:07 . 2013-02-06 15:07 -------- d-----w- c:\programdata\Norton 2013-02-05 20:14 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-31 05:13 . 2013-01-31 05:13 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes 2013-01-31 04:27 . 2013-01-31 04:27 -------- d-----w- c:\users\Admin\AppData\Local\Microsoft Games 2013-01-31 00:15 . 2013-01-31 00:15 -------- d-----w- c:\users\Admin\AppData\Local\Google 2013-01-31 00:15 . 2013-01-31 09:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Ad-Aware Antivirus 2013-01-31 00:15 . 
2013-01-31 00:15 -------- d-----w- c:\users\Admin\AppData\Local\adawarebp 2013-01-30 05:09 . 2013-01-30 18:26 -------- d-----w- c:\users\Chris\AppData\Roaming\Ad-Aware Antivirus 2013-01-30 05:09 . 2013-01-30 05:09 -------- d-----w- c:\users\Chris\AppData\Local\adawarebp 2013-01-30 04:51 . 2013-01-30 04:51 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes 2013-01-30 04:51 . 2013-01-30 04:51 -------- d-----w- c:\programdata\Malwarebytes 2013-01-30 04:51 . 2013-01-30 04:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-30 04:51 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-30 04:51 . 2013-01-30 04:51 -------- d-----w- c:\users\Owner\AppData\Local\Programs 2013-01-30 04:34 . 2013-01-30 04:34 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2013-01-30 03:23 . 2013-01-30 03:23 -------- d-----w- c:\programdata\Lavasoft 2013-01-30 03:23 . 2013-02-06 22:32 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus 2013-01-30 03:22 . 2013-01-30 03:22 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-01-30 03:22 . 2013-01-30 03:22 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2013-01-30 03:20 . 2013-02-06 22:29 -------- d-----w- c:\users\Owner\AppData\Roaming\LavasoftStatistics 2013-01-30 03:20 . 2013-01-30 10:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Ad-Aware Antivirus 2013-01-29 05:29 . 2013-01-29 05:29 -------- d-----w- c:\users\Owner\AppData\Roaming\AccurateRip 2013-01-29 05:29 . 2013-01-29 05:29 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe 2013-01-29 05:28 . 2013-01-29 05:28 -------- d-----w- c:\program files (x86)\Illustrate 2013-01-29 05:28 . 2013-01-29 05:28 -------- d-----w- c:\program files (x86)\sox-14-4-0 2013-01-25 23:51 . 2013-01-25 23:51 -------- d-----w- c:\users\Chris\AppData\Roaming\foobar2000 2013-01-24 18:47 . 2013-01-24 18:47 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics 2013-01-24 18:34 . 
2012-10-17 09:31 741480 ------w- c:\windows\system32\HPDiscoPM5C12.dll 2013-01-24 18:33 . 2013-01-24 18:33 -------- d-----w- c:\programdata\HP 2013-01-24 18:33 . 2013-01-24 18:33 -------- d-----w- c:\program files (x86)\HP 2013-01-24 18:33 . 2013-01-24 18:33 -------- d-----w- c:\program files\HP 2013-01-24 18:33 . 2013-01-24 18:33 -------- d-----w- c:\users\Owner\AppData\Local\HP 2013-01-22 23:22 . 2013-02-06 15:07 -------- d-----w- c:\users\Owner\AppData\Roaming\foobar2000 2013-01-22 23:22 . 2013-01-22 23:22 -------- d-----w- c:\program files (x86)\foobar2000 2013-01-16 05:59 . 2013-01-16 05:59 -------- d-----w- c:\users\Public\Darkest of Days 2013-01-16 05:59 . 2013-01-16 05:59 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield Installation Information 2013-01-16 05:59 . 2013-01-16 05:59 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield 2013-01-15 21:52 . 2013-01-26 20:27 -------- d-----w- c:\users\Chris\AppData\Local\Google 2013-01-15 17:19 . 2013-01-15 17:20 -------- d-----w- c:\program files (x86)\Google 2013-01-15 17:19 . 2013-01-15 17:20 -------- d-----w- c:\users\Owner\AppData\Local\Google 2013-01-09 21:34 . 2013-01-11 05:51 -------- d-----w- c:\users\Chris\AppData\Local\Mozilla Thunderbird 2013-01-09 20:04 . 2013-01-09 20:03 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-01-09 20:04 . 2013-01-09 20:03 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-09 18:15 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 18:15 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 18:15 . 2012-11-02 05:30 2001408 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 18:15 . 2012-11-02 05:30 1880064 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 18:15 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 18:15 . 2012-11-02 04:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 18:15 . 
2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 18:15 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 18:15 . 2012-11-22 10:32 801280 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 18:15 . 2012-11-22 09:33 627712 ----a-w- c:\windows\SysWow64\usp10.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-30 10:53 . 2012-11-14 19:59 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-10 08:02 . 2012-11-14 20:15 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-08 23:26 . 2012-11-15 18:34 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 23:26 . 2012-11-15 18:34 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-06 20:47 . 2013-01-06 20:47 25216 ----a-w- c:\windows\system32\drivers\droidcam.sys 2012-12-16 16:52 . 2012-12-21 08:00 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-21 08:00 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-21 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-21 08:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-30 04:56 . 2013-01-09 18:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-28 21:44 . 2012-11-28 21:48 135933721 ----a-w- C:\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe 2012-11-28 06:20 . 2012-11-28 06:20 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38CD94B8-90D1-4A5F-9F98-7D3EC90C0202}\gapaengine.dll 2012-11-18 04:44 . 2012-11-28 06:20 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-11-14 20:25 . 2012-11-14 20:25 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-11-14 20:25 . 2012-11-14 20:25 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-11-14 20:25 . 2012-11-14 20:25 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-11-14 20:25 . 
2012-11-14 20:25 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-11-14 20:25 . 2012-11-14 20:25 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-11-14 20:25 . 2012-11-14 20:25 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-11-14 20:25 . 2012-11-14 20:25 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-11-14 20:25 . 2012-11-14 20:25 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-11-14 20:25 . 2012-11-14 20:25 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-11-14 20:25 . 2012-11-14 20:25 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-11-14 20:25 . 2012-11-14 20:25 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-11-14 20:25 . 2012-11-14 20:25 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-11-14 20:25 . 2012-11-14 20:25 222208 ----a-w- c:\windows\system32\msls31.dll 2012-11-14 20:25 . 2012-11-14 20:25 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-11-14 20:25 . 2012-11-14 20:25 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-11-14 20:25 . 2012-11-14 20:25 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-11-14 20:25 . 2012-11-14 20:25 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-11-14 20:25 . 2012-11-14 20:25 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-11-14 20:25 . 2012-11-14 20:25 82432 ----a-w- c:\windows\system32\icardie.dll 2012-11-14 20:25 . 2012-11-14 20:25 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-11-14 20:25 . 2012-11-14 20:25 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-11-14 20:25 . 2012-11-14 20:25 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-11-14 20:25 . 2012-11-14 20:25 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-11-14 20:25 . 2012-11-14 20:25 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-11-14 20:25 . 2012-11-14 20:25 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-11-14 20:25 . 2012-11-14 20:25 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-11-14 20:25 . 
2012-11-14 20:25 448512 ----a-w- c:\windows\system32\html.iec 2012-11-14 20:25 . 2012-11-14 20:25 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-11-14 20:25 . 2012-11-14 20:25 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-11-14 20:25 . 2012-11-14 20:25 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-11-14 20:25 . 2012-11-14 20:25 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-14 20:25 . 2012-11-14 20:25 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-11-14 20:25 . 2012-11-14 20:25 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-11-14 20:25 . 2012-11-14 20:25 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-11-14 20:25 . 2012-11-14 20:25 197120 ----a-w- c:\windows\system32\msrating.dll 2012-11-14 20:25 . 2012-11-14 20:25 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-11-14 20:25 . 2012-11-14 20:25 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-11-14 20:25 . 2012-11-14 20:25 149504 ----a-w- c:\windows\system32\occache.dll 2012-11-14 20:25 . 2012-11-14 20:25 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-11-14 20:25 . 2012-11-14 20:25 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-11-14 20:25 . 2012-11-14 20:25 12288 ----a-w- c:\windows\system32\mshta.exe 2012-11-14 20:25 . 2012-11-14 20:25 114176 ----a-w- c:\windows\system32\admparse.dll 2012-11-14 20:25 . 2012-11-14 20:25 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-11-14 20:25 . 2012-11-14 20:25 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-11-14 20:25 . 2012-11-14 20:25 103936 ----a-w- c:\windows\system32\inseng.dll 2012-11-14 20:25 . 2012-11-14 20:25 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-11-14 20:25 . 2012-11-14 20:25 160256 ----a-w- c:\windows\system32\wextract.exe 2012-11-14 07:06 . 2012-12-13 08:01 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-13 08:01 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 
2012-12-13 08:01 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-13 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-13 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-13 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-13 08:01 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-13 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-13 08:01 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-13 08:01 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-13 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-13 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-13 08:01 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-13 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-13 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-13 08:01 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-13 08:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-13 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-13 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 08:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-13 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-05 1354736] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880] . c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2013-01-06 25216] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-18 1255736] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-30 14456] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 netr28x;Ralink 802.11n Extensible Wireless 
Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-19 712704] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 22:24 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-15 23:26] . 2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15 17:19] . 2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15 17:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\ FF - ExtSQL: 2012-12-29 10:39; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2012-12-29 10:39; donottrackplus@abine.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\donottrackplus@abine.com FF - ExtSQL: 2013-01-02 15:21; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi . - - - - ORPHANS REMOVED - - - - . AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-07 02:00:27
ComboFix-quarantined-files.txt 2013-02-07 07:00
.
Pre-Run: 529,266,241,536 bytes free
Post-Run: 529,597,419,520 bytes free
.
- - End Of File - - FEF5BA49DE4FE369F69658E6AE6CDBB0
9.
Hi Gringo,

Thanks for the quick reply. I've followed your instructions, and here's where I'm at:

- Chrome is functioning normally. Previously, it wasn't working at all - all pages came up blank. No redirect activity apparent.
- Firefox is still affected. The home page reads "The URL is not valid and cannot be loaded." Sporadic redirects - not reliably reproducible.
- IE: IE was the most profoundly affected of the three, and before coming here for help, I disabled it altogether, so I can't give you an update on its behavior.

Log files:

Results of screen317's Security Check version 0.99.57
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Mozilla Firefox (18.0.1)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 23:29:26
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0bjnjcs0.default\adawaretb
Folder Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5xqw34qz.default\adawaretb
Folder Deleted : C:\Users\Owner\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\adawaretb

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\prefs.js

[OK] File is clean.

File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5xqw34qz.default\prefs.js

[OK] File is clean.

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0bjnjcs0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.
*************************

AdwCleaner[S1].txt - [1701 octets] - [06/02/2013 23:29:26]

########## EOF - C:\AdwCleaner[S1].txt - [1761 octets] ##########

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 02/06/2013 23:39:55
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[TASK][SUSP PATH] {0F04F0BD-231F-418F-B70D-24FE35DB2E18} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {2D964CB9-8EA6-4B52-B1CF-B5E7A9DD02D3} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {526F6BD3-665C-4AD2-A578-FB7737206B07} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {60741C73-6BD2-4B2F-9BB2-B7301C560335} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {9936B8F2-C6A8-46CE-9417-B6234FEAD8F0} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {A56C12C3-37AE-4D3E-B3C2-2EF415961DDF} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {BF1FBEF4-089D-4E11-B6B0-9AFFA8997C10} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {E0EA38F5-51B1-4368-A241-2AEB4EAFBF44} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {E8256A8F-3618-45A3-8496-60C3C82F191E} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {E87309F2-CF43-4477-8620-F427F2E4AA43} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {EC6AEEBC-73DA-4FD4-87D2-FF5B355BA9DC} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[TASK][SUSP PATH] {F54F63DE-D490-4C0D-8181-7646F1FF514B} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 6df73f4d9a35de5c06ec8879aafe38e8
[BSP] 646c66b199b405905171364817bd3629 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02062013_02d2339.txt >>
RKreport[1]_S_02062013_02d2336.txt ; RKreport[2]_D_02062013_02d2339.txt
10.
Some time in the last few weeks, one of the users on my computer acquired a search redirect virus. It appears to only be affecting that user account. When he searches on Google, it gives what appear to be normal search results, but upon clicking the results, he's taken to alternate sites, usually after redirecting first to click.livesearchnow.com. I ran this from the admin user, which hasn't seemed affected.

Also probably important to know: in an (I hope) unrelated issue, I can't use USB devices during boot, which has prevented me from booting into safe mode (or, as I'd prefer, installing another operating system).

Thank you in advance for your time & effort.

dds:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Owner at 19:28:51 on 2013-02-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2214 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5B4FB22D-0E6D-42F4-BAA8-77F2153CDF61} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{83E4DDDE-F100-4D78-B172-4D961B6A0733} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C4D73EF4-69AE-4936-BA8F-960FCA7BEE5A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C4D73EF4-69AE-4936-BA8F-960FCA7BEE5A}\E4544574541425D25374 : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-29 10:39; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-29 10:39; donottrackplus@abine.com; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-01-02 15:21; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dhwufmky.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-1-29 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-29 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-29 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-29 24176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-19 712704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 DroidCam;DroidCam Virtual Audio;C:\Windows\System32\drivers\droidcam.sys [2013-1-6 25216]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-18 1255736]
.
=============== Created Last 30 ================
.
2013-02-06 22:10:59 -------- d-----w- C:\Users\Owner\AppData\Local\CrashDumps
2013-02-06 21:36:09 -------- d-----w- C:\ProgramData\Sophos
2013-02-06 20:53:09 73728 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-06 20:53:08 73728 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-02-06 20:53:08 73728 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-02-06 20:52:58 -------- d-----w- C:\Program Files (x86)\Sophos
2013-02-06 15:07:27 -------- d-----w- C:\Users\Owner\AppData\Local\NPE
2013-02-06 15:07:27 -------- d-----w- C:\ProgramData\Norton
2013-02-05 20:14:24 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBA30B85-1CF2-4681-88AB-79C20D535897}\mpengine.dll
2013-02-04 20:14:10 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-30 04:51:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-01-30 04:51:48 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-30 04:51:46 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-30 04:51:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-30 04:51:38 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2013-01-30 04:34:23 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-01-30 03:23:20 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-01-30 03:22:58 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-01-30 03:22:39 -------- d-----w- C:\ProgramData\blekko toolbars
2013-01-30 03:22:30 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-01-30 03:22:27 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-01-30 03:20:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\LavasoftStatistics
2013-01-30 03:20:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\Ad-Aware Antivirus
2013-01-29 05:29:30 -------- d-----w- C:\Users\Owner\AppData\Roaming\AccurateRip
2013-01-29 05:29:05 4022504 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2013-01-29 05:28:50 -------- d-----w- C:\Program Files (x86)\Illustrate
2013-01-29 05:28:06 -------- d-----w- C:\Program Files (x86)\sox-14-4-0
2013-01-24 18:47:20 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-01-24 18:34:25 741480 ------w- C:\Windows\System32\HPDiscoPM5C12.dll
2013-01-24 18:33:49 -------- d-----w- C:\Program Files (x86)\HP
2013-01-24 18:33:45 -------- d-----w- C:\Program Files\HP
2013-01-24 18:33:22 -------- d-----w- C:\Users\Owner\AppData\Local\HP
2013-01-22 23:22:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\foobar2000
2013-01-22 23:22:34 -------- d-----w- C:\Program Files (x86)\foobar2000
2013-01-15 17:19:42 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2013-01-09 20:04:17 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-01-09 20:04:17 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-09 18:15:15 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 18:15:15 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 18:15:07 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 18:15:06 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 18:15:06 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 18:15:05 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 18:15:04 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 18:15:04 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 18:15:02 801280 ----a-w- C:\Windows\System32\usp10.dll
2013-01-09 18:15:02 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
.
==================== Find3M ====================
.
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-08 23:26:29 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 23:26:29 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-06 20:47:02 25216 ----a-w- C:\Windows\System32\drivers\droidcam.sys
2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-11-30 05:50:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:50:00 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:50:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:49:28 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:46:35 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:43:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 05:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 05:06:49 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:33:03 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:56:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:56:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:56:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:56:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:51:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-28 21:44:00 135933721 ----a-w- C:\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
2012-11-23 03:45:35 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 19:52:35 0 ----a-w- C:\Windows\ativpsrm.bin
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 19:29:34.38 ===============

attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/14/2012 2:32:19 PM
System Uptime: 2/6/2013 7:22:02 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0F896N
Processor: AMD Athlon™ II X2 215 Processor | AM2 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 490.159 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: DroidCam Virtual Audio
Device ID: ROOT\MEDIA\0000
Manufacturer: Dev47Apps
Name: DroidCam Virtual Audio
PNP Device ID: ROOT\MEDIA\0000
Service: DroidCam
.
==== System Restore Points ===================
.
RP39: 1/23/2013 8:36:30 PM - Windows Update
RP40: 1/27/2013 2:01:41 AM - Windows Update
RP41: 1/30/2013 3:14:40 PM - Windows Update
RP42: 2/3/2013 3:14:09 PM - Windows Update
RP43: 2/6/2013 10:12:25 AM - Norton_Power_Eraser_20130206101217778
RP44: 2/6/2013 3:32:24 PM - Windows Modules Installer
RP45: 2/6/2013 3:52:16 PM - Installed Sophos Virus Removal Tool.
RP46: 2/6/2013 5:27:24 PM - Removed Ad-Aware Antivirus.
RP47: 2/6/2013 5:28:16 PM - Removed Ad-Aware Antivirus.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Cogs
Crayon Physics Deluxe
dBpoweramp DSP Effects
dBpoweramp Music Converter
Dungeon Defenders
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801
foobar2000 v1.1.11
Google Chrome
Google Update Helper
HP Officejet 6700 Basic Device Software
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Machinarium
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIRC
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
OpenOffice.org 3.4.1
PeerBlock 1.1 (r518)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sophos Virus Removal Tool
Steam
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.4
Xilisoft PDF to Word Converter
.
==== Event Viewer Messages From Past Week ========
.
2/6/2013 1:51:08 PM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 0x45B.
.
==== End Of File ===========================
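A first-pass triage over the DDS and RogueKiller line formats posted in this thread, as an added example that is not part of the original thread or of any of the tools quoted in it. It parses the autostart (`uRun`/`mRun`/`x64-Run`), resolver (`NameServer`/`DHCPNameServer`) and `[TASK][SUSP PATH]` entries and flags what a responder reads first when a user reports search redirects: Run values with machine-generated names, resolvers outside RFC 1918 space, and scheduled tasks that launch from a user profile. The sample log is constructed here: the `[Steam]`, `[MSC]`, `[HTC Sync Loader]`, 192.168.x and FALLOUTW.EXE lines mirror entries posted above, while the `qzhvtlkp` and `BQVYWTA` Run values, the all-zero interface GUID and the 203.0.113.7 resolver are invented stand-ins for the kind of entry a redirect infection leaves behind. All three rules are spelling or location heuristics, not verdicts; each hit still needs the binary checked (signature, hash, publisher) before anything is removed.

```python
from __future__ import annotations

import re
from ipaddress import ip_address, ip_network

# Constructed sample in the DDS / RogueKiller line formats seen in the thread.
# The [Steam], [MSC], [HTC Sync Loader], 192.168.x and FALLOUTW.EXE lines mirror
# real entries above; the qzhvtlkp / BQVYWTA Run values, the all-zero interface
# GUID and the 203.0.113.7 resolver are invented so each check has a hit.
SAMPLE_LOG = r"""
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [qzhvtlkp] C:\Users\Owner\AppData\Local\Temp\qzhvtlkp.exe
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [BQVYWTA] rundll32.exe C:\ProgramData\BQVYWTA.dll,Start
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5B4FB22D-0E6D-42F4-BAA8-77F2153CDF61} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : DHCPNameServer = 203.0.113.7
[TASK][SUSP PATH] {0F04F0BD-231F-418F-B70D-24FE35DB2E18} : C:\Users\Chris\Desktop\Fallout\FALLOUTW.EXE -> DELETED
"""

# DDS autostart line: "<scope>Run: [<value name>] <command line>"
RUN_LINE = re.compile(r"^(?:u|m|x64-)Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$", re.M)
# DDS resolver line, with or without the per-interface DHCP prefix
DNS_LINE = re.compile(r"(?:DHCP)?NameServer = (?P<ip>\d{1,3}(?:\.\d{1,3}){3})", re.I)
# RogueKiller scheduled-task line: "[TASK][SUSP PATH] {guid} : <path> -> <action>"
TASK_LINE = re.compile(r"^\[TASK\]\[SUSP PATH\] \{[0-9A-Fa-f-]+\} : (?P<path>.+?) -> ", re.M)

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
USER_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\", re.I)


def looks_random(name: str) -> bool:
    """Spelling heuristic for machine-generated autostart value names.

    Fires on a single bare alphabetic token of 5-12 characters whose vowel share
    is under 35%, or that contains a 'q' not followed by 'u'. Product names
    either contain spaces ('HTC Sync Loader'), are short ('MSC'), or have a
    normal vowel share ('Steam'), so they pass."""
    if not re.fullmatch(r"[A-Za-z]{5,12}", name):
        return False
    low = name.lower()
    vowel_share = sum(ch in "aeiou" for ch in low) / len(low)
    return vowel_share < 0.35 or re.search(r"q(?!u)", low) is not None


def is_rfc1918(ip: str) -> bool:
    """True when the resolver sits in private address space (usually the home router)."""
    addr = ip_address(ip)
    return any(addr in net for net in RFC1918)


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (kind, detail) pairs for the entries a responder checks first.

    Kinds: 'random-run-name' (autostart value with a generated-looking name),
    'non-rfc1918-dns' (resolver outside private space; confirm it is intended),
    'user-profile-task' (scheduled task launching from a user profile; a
    location rule only, so software that merely lives under a profile hits too)."""
    findings: list[tuple[str, str]] = []
    for m in RUN_LINE.finditer(log_text):
        if looks_random(m["name"]):
            findings.append(("random-run-name", m["name"]))
    for m in DNS_LINE.finditer(log_text):
        if not is_rfc1918(m["ip"]):
            findings.append(("non-rfc1918-dns", m["ip"]))
    for m in TASK_LINE.finditer(log_text):
        if USER_PROFILE.match(m["path"]):
            findings.append(("user-profile-task", m["path"]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

Run as-is it reports the two invented Run values, the invented resolver and the FALLOUTW.EXE task; to use it on a real post, replace SAMPLE_LOG with the pasted DDS and RogueKiller sections. The task rule reproduces the SUSP PATH criterion and will also flag software that simply lives under a profile, so treat the output as a worklist for verification rather than a removal list.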