kmullowney

Infected with Trojan Horse Dropper.generic_c.mmi


 

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Mullowney at 0:14:32 on 2012-08-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1569 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sprint\Sprint SmartView\SwiCardDetect64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Mullowney\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Users\Mullowney\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\WiMaxRpcServer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.

============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Mullowney\AppData\Local\Akamai\netsession_win.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Adobe] rundll32.exe "C:\Users\Mullowney\AppData\Local\Apple Computer\Adobe\phjpndw.dll",CreateInstance
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.isqft.com/Applets/ScriptX/ScriptX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53} : DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}\2456C6B696E6F574F575962756C6563737F5442464238373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}\262797E677F6F646F513 : DhcpNameServer = 192.168.180.1
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.

================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mullowney\AppData\Roaming\Mozilla\Firefox\Profiles\1kpp5t6h.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - espn.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B86df5736-5c17-4a88-aae1-c35ffdcea91e%7D&mid=4d2b2db3286cdafc3124581446d14737-f118a8ae36c24207e6bdba77c1a93205f2b6f996&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-15%2009%3A33%3A23&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Users\Mullowney\AppData\Roaming\Mozilla\Firefox\Profiles\1kpp5t6h.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Mullowney\AppData\Roaming\Mozilla\Firefox\Profiles\1kpp5t6h.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mullowney\AppData\Local\Roblox\Versions\version-fb3436d54f9e4598\NPRobloxProxy.dll
FF - plugin: C:\Users\Mullowney\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Mullowney\AppData\Roaming\Mozilla\Firefox\Profiles\1kpp5t6h.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Mullowney\AppData\Roaming\Mozilla\Firefox\Profiles\1kpp5t6h.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.

============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-12-17 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-10-29 255744]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2011-2-7 92504]
R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe [2011-3-16 270336]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sprint\Sprint SmartView\SwiCardDetect64.exe [2010-9-22 307568]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-3 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-17 240160]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-7 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-7 250056]
S3 bcm;WiMAX Network Adapter;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2012-5-30 124520]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-7 135664]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-17 225280]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.

=============== Created Last 30 ================
.
2012-08-03 23:48:37 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-13 15:27:02 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 03:28:38 -------- d-----w- C:\ProgramData\Sierra Wireless
2012-07-12 03:19:47 -------- d-----w- C:\Users\Mullowney\AppData\Local\Sprint
2012-07-12 03:19:40 47104 ----a-w- C:\Windows\System32\drivers\swmsflt.sys
2012-07-12 03:19:40 -------- d-----w- C:\Users\Mullowney\AppData\Roaming\Sierra Wireless
2012-07-12 03:14:42 -------- d-----w- C:\Program Files (x86)\Common Files\EPP
2012-07-12 03:14:40 -------- d-----w- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
2012-07-12 03:14:35 -------- d-----w- C:\Program Files (x86)\Sierra Wireless
2012-07-12 03:13:11 -------- d-----w- C:\ProgramData\Sprint
2012-07-12 03:13:11 -------- d-----w- C:\Program Files (x86)\Sprint
2012-07-12 03:13:11 -------- d-----w- C:\Program Files (x86)\Novatel Wireless
2012-07-08 18:18:49 -------- d-----w- C:\Users\Mullowney\AppData\Local\{518C71A7-569A-4B6F-9EEF-D4729812FCA6}
2012-07-08 18:18:37 -------- d-----w- C:\Users\Mullowney\AppData\Local\{F52BE533-844F-4588-9139-22168D1BF635}
.

==================== Find3M ====================
.
2012-08-04 00:01:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 00:01:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-30 16:08:08 67176 ----a-w- C:\Windows\SysWow64\pxfhwmcp.dll
2012-05-30 16:08:06 136808 ----a-w- C:\Windows\SysWow64\PCTIN50.dll
.
============= FINISH: 0:15:01.59 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/7/2010 9:42:49 PM
System Uptime: 8/3/2012 11:44:23 PM (1 hours ago)
.
Motherboard: Gateway | | NV79
Processor: Intel® Core i3 CPU M 330 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 332.707 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP187: 6/5/2012 9:04:25 AM - Windows Update
RP188: 6/18/2012 4:39:44 PM - Windows Update
RP189: 6/18/2012 5:00:33 PM - Windows Update
RP190: 6/21/2012 11:22:05 AM - Windows Update
RP191: 6/22/2012 9:50:42 AM - Windows Update
RP192: 7/4/2012 9:27:48 AM - Installed Google SketchUp 8
RP193: 7/11/2012 9:11:53 PM - Installed Sprint SmartView.
RP195: 7/11/2012 9:20:04 PM - Pnp Update Driver Installation
RP196: 7/13/2012 9:16:36 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Avery Wizard 4.0
Backup Manager Basic
Big Fish Games: Game Manager
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BlackBerry JDE 7.1.0
BufferChm
Bugdom Demo v1.24
Bugdom v1.24
Compatibility Pack for the 2007 Office system
Copy
CyberLink PowerDVD 8
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Diego's Ultimate Rescue League
DJ_AIO_05_F4400_Software_Min
F4400
FirstClass® Client
GardenPuzzle - Garden Planner
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Calendar Sync
Google Earth
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Photo Creations
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Identity Card
InstallVC90Support
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
iTLG Grade 4
Java Auto Updater
Java 6 Update 20
Java 6 Update 31

Junk Mail filter update

Launch Manager

LeapFrog Connect

LeapFrog LeapPad Explorer Plugin

LeapFrog Tag Plugin

Malwarebytes' Anti-Malware

MarketResearch

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office Home and Business 2010 - English

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Project 2007 Service Pack 3 (SP3)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Standard 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Facebook 32-bit

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MotoHelper 2.0.51 Driver 5.1.0

MotoHelper MergeModules

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery Cruise

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Roblox for Mullowney

Roxio Burn

Roxio Update Manager

Safari

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

SmartWebPrinting

SolutionCenter

Status

swMSM

System Requirements Lab for Intel

Toolbox

TrayApp

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Office Project 2007 Help (KB963668)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

Video Web Camera

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

VZAccess Manager

WebReg

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WModem Driver Installer

.

==== Event Viewer Messages From Past Week ========

.

8/3/2012 9:37:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Updater Service service to connect.

8/3/2012 9:37:56 PM, Error: Service Control Manager [7000] - The Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/3/2012 11:46:22 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/3/2012 11:46:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/3/2012 11:45:01 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/3/2012 11:45:00 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/3/2012 11:44:59 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/2/2012 4:15:12 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.

.

==== End Of File ===========================

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-04 00:17:41

-----------------------------

00:17:41.020 OS Version: Windows x64 6.1.7601 Service Pack 1

00:17:41.020 Number of processors: 4 586 0x2502

00:17:41.021 ComputerName: MULLOWNEY-PC UserName: Mullowney

00:17:45.250 Initialize success

00:19:27.319 AVAST engine defs: 12080301

00:19:32.930 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIAAStorageDevice-1

00:19:32.932 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3

00:19:32.960 Disk 0 MBR read successfully

00:19:32.963 Disk 0 MBR scan

00:19:32.966 Disk 0 Windows 7 default MBR code

00:19:32.970 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63

00:19:32.989 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855

00:19:33.003 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464545 MB offset 25382700

00:19:33.050 Disk 0 scanning C:Windowssystem32drivers

00:19:50.205 Service scanning

00:20:35.639 Modules scanning

00:20:35.647 Disk 0 trace - called modules:

00:20:35.664 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

00:20:35.670 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa8004c19060]

00:20:35.674 3 CLASSPNP.SYS[fffff88001bb143f] -> nt!IofCallDriver -> DeviceIdeIAAStorageDevice-1[0xfffffa80049b4050]

00:20:39.955 AVAST engine scan C:Windows

00:20:43.029 AVAST engine scan C:Windowssystem32

00:23:14.177 File: C:WindowsassemblyGAC_32Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

00:23:18.264 File: C:WindowsassemblyGAC_64Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

00:25:25.524 AVAST engine scan C:Windowssystem32drivers

00:25:55.942 AVAST engine scan C:UsersMullowney

00:26:54.970 Disk 0 MBR has been saved successfully to "C:UsersMullowneyDesktopMBR.dat"

00:26:54.977 The log file has been saved successfully to "C:UsersMullowneyDesktopaswMBR.txt"

Hi kmullowney,

 

Welcome to the Pit.

 

I split your post off to its own topic. Please do not post in other people's threads.

 

Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop


When finished, it shall produce a log for you. Please include the C:ComboFix.txt in your next reply.

 

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Download Farbar Recovery Scan Tool 32-Bit or Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by SYSTEM at 09-08-2012 07:39:55

Running from H:

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

 

========================== Registry (Whitelisted) =============

 

HKLM...Run: [iAAnotif] C:Program Files (x86)IntelIntel Matrix Storage Manageriaanotif.exe [186904 2009-10-13] (Intel Corporation)

HKLM...Run: [Acer ePower Management] C:Program FilesGatewayGateway Power ManagementePowerTray.exe [822816 2009-10-29] (Acer Incorporated)

HKLM...Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s [8306208 2009-10-20] (Realtek Semiconductor)

HKLM...Run: [synTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe [1881384 2009-10-22] (Synaptics Incorporated)

HKLM...Run: [igfxTray] C:Windowssystem32igfxtray.exe [167704 2012-01-10] (Intel Corporation)

HKLM...Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe [392984 2012-01-10] (Intel Corporation)

HKLM...Run: [Persistence] C:Windowssystem32igfxpers.exe [417560 2012-01-10] (Intel Corporation)

HKLM-x32...Run: [LManager] C:Program Files (x86)Launch ManagerLManager.exe [1157640 2009-09-16] (Dritek System Inc.)

HKLM-x32...Run: [backupManagerTray] "C:Program Files (x86)NewTech InfosystemsGateway MyBackupBackupManagerTray.exe" -h -k [244480 2009-10-29] (NewTech Infosystems, Inc.)

HKLM-x32...Run: [VideoWebCamera] "C:Program Files (x86)VideoWebCameraVideoWebCamera.exe" -a [1507448 2009-07-28] (Suyin)

HKLM-x32...Run: [RemoteControl8] "C:Program Files (x86)CyberLinkPowerDVD8PDVD8Serv.exe" [91432 2009-04-15] (CyberLink Corp.)

HKLM-x32...Run: [PDVD8LanguageShortcut] "C:Program Files (x86)CyberLinkPowerDVD8LanguageLanguage.exe" [50472 2009-04-15] (CyberLink Corp.)

HKLM-x32...Run: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)

HKLM-x32...Run: [bCSSync] "C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32...Run: [ArcSoft Connection Service] C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32...Run: [Monitor] "C:Program Files (x86)LeapFrogLeapFrog ConnectMonitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)

HKLM-x32...Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32...Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32...Run: [VMM Mode Selection] C:Program FilesHTCModeSelectionVMMModeSelection.exe [43520 2011-02-14] ()

HKLM-x32...Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32...Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32...Run: [vProt] "C:Program Files (x86)AVG Secure Searchvprot.exe" [1107552 2012-07-09] ()

HKLM-x32...Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32...Run: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32...Run: [sprint SmartView] "C:Program Files (x86)SprintSprint SmartViewSprintSV.exe" -a [75368 2012-06-07] (Sprint)

HKLM-x32...Run: [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32...Run: [] [x]

HKUMullowney...Run: [swg] "C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [39408 2009-12-17] (Google Inc.)

HKUMullowney...Run: [Akamai NetSession Interface] "C:UsersMullowneyAppDataLocalAkamainetsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)

HKUMullowney...Run: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe [59240 2012-02-23] (Apple Inc.)

HKUMullowney...Run: [Adobe] rundll32.exe "C:UsersMullowneyAppDataLocalApple ComputerAdobephjpndw.dll",CreateInstance [665088 2012-07-12] (Microsoft Corporation)

HKUNicole...Run: [Desktop iCalendar Lite.exe] C:UsersPublicDocumentsDesktop iCalendar LiteDesktop iCalendar Lite.exe [x]

HKUNicole...Run: [swg] "C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [39408 2009-12-17] (Google Inc.)

WinlogonNotifyigfxcui: igfxdev.dll (Intel Corporation)

TcpipParameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

Startup: C:UsersAll UsersStart MenuProgramsStartupHP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe (Hewlett-Packard Co.)

Startup: C:UsersNicoleStart MenuProgramsStartupOpenOffice.org 3.2.lnk

ShortcutTarget: OpenOffice.org 3.2.lnk -> C:Program Files (x86)OpenOffice.org 3programquickstart.exe (No File)

 

==================== Services (Whitelisted) ======

 

2 ACDaemon; C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe [113152 2010-03-18] (ArcSoft Inc.)

2 AVGIDSAgent; "C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:Program Files (x86)AVGAVG2012avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

3 CASprint; "C:Program Files (x86)SprintSprint SmartViewConAppsSvc.exe" /n "CASprint" [124520 2012-05-30] (SmithMicro Inc.)

2 MotoHelper; C:Program Files (x86)MotorolaMotoHelperMotoHelperService.exe [223088 2011-04-26] ()

2 NvtlService; "C:Program Files (x86)Novatel WirelessNovacoreServerNvtlSrvr.exe" [92504 2011-02-07] ()

2 NWHelper; C:Program Files (x86)Novatel WirelessDriversNWHelper.exe [270336 2011-03-16] (Novatel Wireless Inc.)

3 SprintRcAppSvc; "C:Program Files (x86)SprintSprint SmartViewRcAppSvc.exe" /n "SprintRcAppSvc" [120424 2012-05-30] (SmithMicro Inc.)

2 SwiCardDetectSvc; "C:Program Files (x86)SprintSprint SmartViewSwiCardDetect64.exe" [307568 2010-09-22] (Sierra Wireless, Inc.)

2 UNS; "C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe" [2320920 2009-09-30] (Intel Corporation)

2 vToolbarUpdater11.2.0; C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater11.2.0ToolbarUpdater.exe [935008 2012-07-09] ()

 

========================== Drivers (Whitelisted) =============

 

3 AVGIDSDriver; C:WindowsSystem32DRIVERSavgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )

3 AVGIDSFilter; C:WindowsSystem32DRIVERSavgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )

0 AVGIDSHA; C:WindowsSystem32DriversAVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )

1 Avgldx64; C:WindowsSystem32DriversAvgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)

1 Avgmfx64; C:WindowsSystem32DriversAvgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)

0 Avgrkx64; C:WindowsSystem32DriversAvgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)

1 Avgtdia; C:WindowsSystem32DriversAvgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)

3 bcm; C:WindowsSystem32DRIVERSdrxvi314_64.sys [416000 2012-03-20] (Beceem Communications Inc.)

3 bcmbusctr; C:WindowsSystem32DRIVERSBcmBusCtr_64.sys [64000 2012-03-20] (Beceem Communications Inc.)

3 FlyUsb; C:WindowsSystem32DriversFlyUsb.sys [24576 2008-04-01] (LeapFrog)

3 HtcUsbMdmV64; C:WindowsSystem32DriversHtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)

3 HtcVCom32; C:WindowsSystem32DRIVERSHtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)

3 PCTINDIS5X64; ??C:Windowssystem32PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)

3 PROCEXP113; C:WindowsSystem32DriversPROCEXP113.sys [16712 2012-08-07] (Sysinternals - www.sysinternals.com)

3 SMSIVZAM5X64; ??C:PROGRA~2VERIZO~1VZACCE~1SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)

3 SWNC5E00; C:WindowsSystem32DriversSWNC5E00.sys [285696 2010-10-19] (Sierra Wireless Inc.)

3 RimUsb; C:WindowsSystem32DriversRimUsb_AMD64.sys [x]

 

========================== NetSvcs (Whitelisted) ===========

 

 

============ One Month Created Files and Folders ==============

 

2012-08-09 07:39 - 2012-08-09 07:39 - 00000000 ____D C:FRST

2012-08-07 07:45 - 2012-08-07 07:45 - 00016712 ____A (Sysinternals - www.sysinternals.com) C:WindowsSystem32DriversPROCEXP113.SYS

2012-08-07 07:44 - 2012-08-07 07:55 - 00000000 ___SD C:32788R22FWJFW

2012-08-07 07:44 - 2012-08-07 07:45 - 00000000 ____D C:Windowserdnt

2012-08-07 07:44 - 2012-08-07 07:45 - 00000000 ____D C:Qoobox

2012-08-04 08:39 - 2012-08-04 20:11 - 00000000 ____D C:UsersMullowneyAppDataLocalLogMeIn Rescue Applet

2012-08-04 06:39 - 2012-08-04 06:39 - 18124296 ____A (Microsoft Corporation) C:UsersMullowneyDownloadsmpas-fe.exe

2012-08-03 22:26 - 2012-08-03 22:26 - 00002031 ____A C:UsersMullowneyDesktopaswMBR.txt

2012-08-03 22:26 - 2012-08-03 22:26 - 00000512 ____A C:UsersMullowneyDesktopMBR.dat

2012-08-03 22:17 - 2012-08-03 22:17 - 04731392 ____A (AVAST Software) C:UsersMullowneyDesktopaswMBR.exe

2012-08-03 22:16 - 2012-08-03 22:16 - 00032615 ____A C:UsersMullowneyDesktopDDS.txt

2012-08-03 22:16 - 2012-08-03 22:16 - 00011539 ____A C:UsersMullowneyDesktopAttach.txt

2012-08-03 22:10 - 2012-08-03 22:10 - 00607260 ____R (Swearware) C:UsersMullowneyDesktopdds.scr

2012-08-03 15:48 - 2012-08-03 15:48 - 00000000 __SHD C:WindowsSysWOW64%APPDATA%

2012-07-19 07:39 - 2012-07-19 07:39 - 00000000 ____D C:UsersNicoleAppDataLocal{FE8AAFDE-4931-4624-AB28-D5F8058FF765}

2012-07-19 07:39 - 2012-07-19 07:39 - 00000000 ____D C:UsersNicoleAppDataLocal{09035A44-34D0-4B59-9562-5921DABEF4E9}

2012-07-17 08:01 - 2012-07-17 08:01 - 00000000 ____D C:UsersNicoleAppDataLocal{E9256FC4-D3C1-471D-8407-BDDF678E5830}

2012-07-17 07:55 - 2012-07-17 07:55 - 00000000 ____D C:UsersNicoleAppDataLocal{2710FD7C-1327-48CC-A37D-CE451AFBA2A2}

2012-07-16 18:45 - 2012-07-16 18:45 - 00000000 ____D C:UsersNicoleAppDataLocal{40C27BE5-F173-438D-8F1D-FC07B60842B2}

2012-07-16 18:44 - 2012-07-16 18:45 - 00000000 ____D C:UsersNicoleAppDataLocal{0BAFEE5D-EBED-4BC1-832D-102BB58A00AB}

2012-07-14 15:54 - 2012-07-14 15:54 - 00000000 ____D C:UsersMullowneyDocumentsCyberLink

2012-07-14 15:54 - 2012-07-14 15:54 - 00000000 ____D C:UsersMullowneyAppDataRoamingCyberLink

2012-07-14 15:07 - 2012-07-14 15:07 - 00000000 ____D C:UsersNicoleAppDataRoamingSierra Wireless

2012-07-14 15:02 - 2012-07-14 15:02 - 00000000 ____D C:UsersNicoleAppDataLocalSprint

2012-07-13 07:27 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:WindowsSystem32win32k.sys

2012-07-13 07:19 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.dll

2012-07-13 07:19 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:WindowsSystem32ieframe.dll

2012-07-13 07:19 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:WindowsSystem32jscript9.dll

2012-07-13 07:19 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:WindowsSystem32wininet.dll

2012-07-13 07:19 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:WindowsSystem32urlmon.dll

2012-07-13 07:19 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:WindowsSystem32inetcpl.cpl

2012-07-13 07:19 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:WindowsSystem32url.dll

2012-07-13 07:19 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:WindowsSystem32jsproxy.dll

2012-07-13 07:19 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:WindowsSystem32ieUnatt.exe

2012-07-13 07:19 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:WindowsSystem32jscript.dll

2012-07-13 07:19 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:WindowsSystem32iertutil.dll

2012-07-13 07:19 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.tlb

2012-07-13 07:19 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:WindowsSystem32mshtmled.dll

2012-07-13 07:19 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:WindowsSystem32ieui.dll

2012-07-13 07:19 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll

2012-07-13 07:19 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll

2012-07-13 07:19 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll

2012-07-13 07:19 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll

2012-07-13 07:19 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl

2012-07-13 07:19 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:WindowsSysWOW64wininet.dll

2012-07-13 07:19 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:WindowsSysWOW64url.dll

2012-07-13 07:19 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll

2012-07-13 07:19 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe

2012-07-13 07:19 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll

2012-07-13 07:19 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript.dll

2012-07-13 07:19 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll

2012-07-13 07:19 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb

2012-07-13 07:19 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:WindowsSysWOW64ieui.dll

2012-07-11 19:28 - 2012-07-11 19:28 - 00000000 ____D C:UsersAll UsersSierra Wireless

2012-07-11 19:20 - 2012-08-09 05:35 - 00000258 _RASH C:UsersAll Usersntuser.pol

2012-07-11 19:19 - 2012-07-11 19:19 - 00000000 ____D C:UsersMullowneyAppDataRoamingSierra Wireless

2012-07-11 19:19 - 2012-07-11 19:19 - 00000000 ____D C:UsersMullowneyAppDataLocalSprint

2012-07-11 19:19 - 2010-10-19 08:00 - 00047104 ____A C:WindowsSystem32Driversswmsflt.sys

2012-07-11 19:14 - 2012-07-11 19:14 - 00002027 ____A C:UsersPublicDesktopSprint SmartView.lnk

2012-07-11 19:14 - 2012-07-11 19:14 - 00000000 ____D C:Program Files (x86)Sierra Wireless

2012-07-11 19:13 - 2012-07-11 19:13 - 00000000 ____D C:UsersAll UsersSprint

2012-07-11 19:13 - 2012-07-11 19:13 - 00000000 ____D C:Program Files (x86)Sprint

2012-07-11 19:13 - 2012-07-11 19:13 - 00000000 ____D C:Program Files (x86)Novatel Wireless

2012-07-11 19:11 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:WindowsSystem32shell32.dll

2012-07-11 19:11 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:WindowsSysWOW64shell32.dll

2012-07-11 19:11 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:WindowsSystem32msxml6.dll

2012-07-11 19:11 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:WindowsSystem32msxml3.dll

2012-07-11 19:11 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:WindowsSystem32cdosys.dll

2012-07-11 19:11 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml6.dll

2012-07-11 19:11 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml3.dll

2012-07-11 19:11 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:WindowsSysWOW64cdosys.dll

2012-07-11 19:11 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:WindowsSystem32Driverscng.sys

2012-07-11 19:11 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:WindowsSystem32Driversksecpkg.sys

2012-07-11 19:11 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:WindowsSystem32Driversksecdd.sys

2012-07-11 19:11 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:WindowsSystem32schannel.dll

2012-07-11 19:11 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:WindowsSystem32ncrypt.dll

2012-07-11 19:11 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:WindowsSysWOW64schannel.dll

2012-07-11 19:11 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:WindowsSysWOW64secur32.dll

2012-07-11 19:11 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:WindowsSysWOW64ncrypt.dll

2012-07-11 19:11 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:WindowsSysWOW64sspicli.dll

2012-07-11 19:11 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:WindowsSystem32msxml3r.dll

2012-07-11 19:11 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml3r.dll

 

============ 3 Months Modified Files ========================

 

2012-08-09 05:36 - 2009-07-13 20:51 - 00133977 ____A C:Windowssetupact.log

2012-08-09 05:35 - 2012-07-11 19:20 - 00000258 _RASH C:UsersAll Usersntuser.pol

2012-08-09 05:35 - 2010-12-10 23:44 - 00000300 ___AH C:WindowsTasks{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

2012-08-09 05:35 - 2010-10-13 19:20 - 00000300 ___AH C:WindowsTasks{22116563-108C-42c0-A7CE-60161B75E508}.job

2012-08-09 05:35 - 2010-04-07 19:58 - 00000894 ____A C:WindowsTasksGoogleUpdateTaskMachineCore.job

2012-08-09 05:34 - 2009-12-17 02:54 - 00272150 ____A C:WindowsPFRO.log

2012-08-09 05:34 - 2009-07-13 21:08 - 00000006 ___AH C:WindowsTasksSA.DAT

2012-08-09 05:28 - 2010-02-03 13:02 - 01228915 ____A C:WindowsWindowsUpdate.log

2012-08-09 05:26 - 2012-05-07 07:22 - 00000830 ____A C:WindowsTasksAdobe Flash Player Updater.job

2012-08-09 05:26 - 2010-04-07 19:58 - 00000898 ____A C:WindowsTasksGoogleUpdateTaskMachineUA.job

2012-08-08 07:24 - 2009-07-13 20:45 - 00009920 ___AH C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-08 07:24 - 2009-07-13 20:45 - 00009920 ___AH C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-07 07:45 - 2012-08-07 07:45 - 00016712 ____A (Sysinternals - www.sysinternals.com) C:WindowsSystem32DriversPROCEXP113.SYS

2012-08-04 06:58 - 2010-12-30 20:55 - 00006714 ____A C:UsersMullowneyAppDataRoamingRim.Desktop.HttpServerSetup.log

2012-08-04 06:39 - 2012-08-04 06:39 - 18124296 ____A (Microsoft Corporation) C:UsersMullowneyDownloadsmpas-fe.exe

2012-08-03 22:26 - 2012-08-03 22:26 - 00002031 ____A C:UsersMullowneyDesktopaswMBR.txt

2012-08-03 22:26 - 2012-08-03 22:26 - 00000512 ____A C:UsersMullowneyDesktopMBR.dat

2012-08-03 22:17 - 2012-08-03 22:17 - 04731392 ____A (AVAST Software) C:UsersMullowneyDesktopaswMBR.exe

2012-08-03 22:16 - 2012-08-03 22:16 - 00032615 ____A C:UsersMullowneyDesktopDDS.txt

2012-08-03 22:16 - 2012-08-03 22:16 - 00011539 ____A C:UsersMullowneyDesktopAttach.txt

2012-08-03 22:10 - 2012-08-03 22:10 - 00607260 ____R (Swearware) C:UsersMullowneyDesktopdds.scr

2012-08-03 16:01 - 2012-05-07 07:22 - 00426184 ____A (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe

2012-08-03 16:01 - 2011-06-09 09:12 - 00070344 ____A (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl

2012-07-19 07:39 - 2009-07-13 21:13 - 00743726 ____A C:WindowsSystem32PerfStringBackup.INI

2012-07-17 13:33 - 2010-04-07 19:57 - 00001141 ____A C:UsersPublicDesktopMozilla Firefox.lnk

2012-07-16 17:12 - 2011-10-01 09:08 - 00000972 ____A C:UsersPublicDesktopAVG 2012.lnk

2012-07-14 08:29 - 2009-07-13 21:08 - 00032636 ____A C:WindowsTasksSCHEDLGU.TXT

2012-07-14 08:29 - 2009-07-13 20:45 - 00445472 ____A C:WindowsSystem32FNTCACHE.DAT

2012-07-13 07:21 - 2010-04-08 08:13 - 59701280 ____A (Microsoft Corporation) C:WindowsSystem32MRT.exe

2012-07-11 19:14 - 2012-07-11 19:14 - 00002027 ____A C:UsersPublicDesktopSprint SmartView.lnk

2012-07-04 07:31 - 2010-04-07 19:43 - 00118600 ____A C:UsersMullowneyAppDataLocalGDIPFONTCACHEV1.DAT

2012-06-23 18:35 - 2012-06-23 18:35 - 00000000 ___AH C:WindowsSystem32DriversMsft_Kernel_motccgpfl_01007.Wdf

2012-06-23 18:35 - 2012-06-23 18:35 - 00000000 ___AH C:WindowsSystem32DriversMsft_Kernel_motccgp_01007.Wdf

2012-06-11 19:08 - 2012-07-13 07:27 - 03148800 ____A (Microsoft Corporation) C:WindowsSystem32win32k.sys

2012-06-08 21:43 - 2012-07-11 19:11 - 14172672 ____A (Microsoft Corporation) C:WindowsSystem32shell32.dll

2012-06-08 20:41 - 2012-07-11 19:11 - 12873728 ____A (Microsoft Corporation) C:WindowsSysWOW64shell32.dll

2012-06-08 08:34 - 2010-08-01 14:48 - 00248320 __ASH C:UsersMullowneyDocumentsThumbs.db

2012-06-05 22:06 - 2012-07-11 19:11 - 02004480 ____A (Microsoft Corporation) C:WindowsSystem32msxml6.dll

2012-06-05 22:06 - 2012-07-11 19:11 - 01881600 ____A (Microsoft Corporation) C:WindowsSystem32msxml3.dll

2012-06-05 22:02 - 2012-07-11 19:11 - 01133568 ____A (Microsoft Corporation) C:WindowsSystem32cdosys.dll

2012-06-05 21:05 - 2012-07-11 19:11 - 01390080 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml6.dll

2012-06-05 21:05 - 2012-07-11 19:11 - 01236992 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml3.dll

2012-06-05 21:03 - 2012-07-11 19:11 - 00805376 ____A (Microsoft Corporation) C:WindowsSysWOW64cdosys.dll

2012-06-02 14:19 - 2012-06-22 07:51 - 02428952 ____A (Microsoft Corporation) C:WindowsSystem32wuaueng.dll

2012-06-02 14:19 - 2012-06-22 07:51 - 00701976 ____A (Microsoft Corporation) C:WindowsSystem32wuapi.dll

2012-06-02 14:19 - 2012-06-22 07:51 - 00057880 ____A (Microsoft Corporation) C:WindowsSystem32wuauclt.exe

2012-06-02 14:19 - 2012-06-22 07:51 - 00044056 ____A (Microsoft Corporation) C:WindowsSystem32wups2.dll

2012-06-02 14:19 - 2012-06-22 07:51 - 00038424 ____A (Microsoft Corporation) C:WindowsSystem32wups.dll

2012-06-02 14:15 - 2012-06-22 07:51 - 02622464 ____A (Microsoft Corporation) C:WindowsSystem32wucltux.dll

2012-06-02 14:15 - 2012-06-22 07:51 - 00099840 ____A (Microsoft Corporation) C:WindowsSystem32wudriver.dll

2012-06-02 13:19 - 2012-06-22 07:51 - 00186752 ____A (Microsoft Corporation) C:WindowsSystem32wuwebv.dll

2012-06-02 13:15 - 2012-06-22 07:51 - 00036864 ____A (Microsoft Corporation) C:WindowsSystem32wuapp.exe

2012-06-02 11:04 - 2010-04-07 20:39 - 00118600 ____A C:UsersNicoleAppDataLocalGDIPFONTCACHEV1.DAT

2012-06-02 04:49 - 2012-07-13 07:19 - 17807360 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.dll

2012-06-02 04:17 - 2012-07-13 07:19 - 10924032 ____A (Microsoft Corporation) C:WindowsSystem32ieframe.dll

2012-06-02 04:12 - 2012-07-13 07:19 - 02311680 ____A (Microsoft Corporation) C:WindowsSystem32jscript9.dll

2012-06-02 04:05 - 2012-07-13 07:19 - 01392128 ____A (Microsoft Corporation) C:WindowsSystem32wininet.dll

2012-06-02 04:05 - 2012-07-13 07:19 - 01346048 ____A (Microsoft Corporation) C:WindowsSystem32urlmon.dll

2012-06-02 04:04 - 2012-07-13 07:19 - 01494528 ____A (Microsoft Corporation) C:WindowsSystem32inetcpl.cpl

2012-06-02 04:04 - 2012-07-13 07:19 - 00237056 ____A (Microsoft Corporation) C:WindowsSystem32url.dll

2012-06-02 04:03 - 2012-07-13 07:19 - 00085504 ____A (Microsoft Corporation) C:WindowsSystem32jsproxy.dll

2012-06-02 04:01 - 2012-07-13 07:19 - 00173056 ____A (Microsoft Corporation) C:WindowsSystem32ieUnatt.exe

2012-06-02 04:00 - 2012-07-13 07:19 - 00818688 ____A (Microsoft Corporation) C:WindowsSystem32jscript.dll

2012-06-02 03:59 - 2012-07-13 07:19 - 02144768 ____A (Microsoft Corporation) C:WindowsSystem32iertutil.dll

2012-06-02 03:57 - 2012-07-13 07:19 - 02382848 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.tlb

2012-06-02 03:57 - 2012-07-13 07:19 - 00096768 ____A (Microsoft Corporation) C:WindowsSystem32mshtmled.dll

2012-06-02 03:54 - 2012-07-13 07:19 - 00248320 ____A (Microsoft Corporation) C:WindowsSystem32ieui.dll

2012-06-02 01:07 - 2012-07-13 07:19 - 12314624 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll

2012-06-02 00:43 - 2012-07-13 07:19 - 09737728 ____A (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll

2012-06-02 00:33 - 2012-07-13 07:19 - 01800192 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll

2012-06-02 00:26 - 2012-07-13 07:19 - 01103872 ____A (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll

2012-06-02 00:25 - 2012-07-13 07:19 - 01427968 ____A (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl

2012-06-02 00:25 - 2012-07-13 07:19 - 01129472 ____A (Microsoft Corporation) C:WindowsSysWOW64wininet.dll

2012-06-02 00:23 - 2012-07-13 07:19 - 00231936 ____A (Microsoft Corporation) C:WindowsSysWOW64url.dll

2012-06-02 00:21 - 2012-07-13 07:19 - 00065024 ____A (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll

2012-06-02 00:20 - 2012-07-13 07:19 - 00142848 ____A (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe

2012-06-02 00:19 - 2012-07-13 07:19 - 01793024 ____A (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll

2012-06-02 00:19 - 2012-07-13 07:19 - 00716800 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript.dll

2012-06-02 00:17 - 2012-07-13 07:19 - 00073216 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll

2012-06-02 00:16 - 2012-07-13 07:19 - 02382848 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb

2012-06-02 00:14 - 2012-07-13 07:19 - 00176640 ____A (Microsoft Corporation) C:WindowsSysWOW64ieui.dll

2012-06-01 21:50 - 2012-07-11 19:11 - 00458704 ____A (Microsoft Corporation) C:WindowsSystem32Driverscng.sys

2012-06-01 21:48 - 2012-07-11 19:11 - 00151920 ____A (Microsoft Corporation) C:WindowsSystem32Driversksecpkg.sys

2012-06-01 21:48 - 2012-07-11 19:11 - 00095600 ____A (Microsoft Corporation) C:WindowsSystem32Driversksecdd.sys

2012-06-01 21:45 - 2012-07-11 19:11 - 00340992 ____A (Microsoft Corporation) C:WindowsSystem32schannel.dll

2012-06-01 21:44 - 2012-07-11 19:11 - 00307200 ____A (Microsoft Corporation) C:WindowsSystem32ncrypt.dll

2012-06-01 20:40 - 2012-07-11 19:11 - 00225280 ____A (Microsoft Corporation) C:WindowsSysWOW64schannel.dll

2012-06-01 20:40 - 2012-07-11 19:11 - 00022016 ____A (Microsoft Corporation) C:WindowsSysWOW64secur32.dll

2012-06-01 20:39 - 2012-07-11 19:11 - 00219136 ____A (Microsoft Corporation) C:WindowsSysWOW64ncrypt.dll

2012-06-01 20:34 - 2012-07-11 19:11 - 00096768 ____A (Microsoft Corporation) C:WindowsSysWOW64sspicli.dll

2012-05-31 09:52 - 2012-05-31 09:52 - 00001790 ____A C:UsersPublicDesktopiTunes.lnk

2012-05-31 09:47 - 2012-05-31 09:47 - 00001852 ____A C:UsersPublicDesktopQuickTime Player.lnk

2012-05-30 08:08 - 2012-05-30 08:08 - 00136808 ____A (Smith Micro) C:WindowsSysWOW64PCTIN50.dll

2012-05-30 08:08 - 2012-05-30 08:08 - 00067176 ____A (DEVGURU) C:WindowsSysWOW64pxfhwmcp.dll

2012-05-12 22:39 - 2010-02-03 13:14 - 00032567 ____A C:WindowsDirectX.log

 

 

ZeroAccess:

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\@

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\L

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\L\00000004.@

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\L\201d3dde

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\00000004.@

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\00000008.@

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\000000cb.@

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\80000000.@

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\80000032.@

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\80000064.@

ZeroAccess:

C:\Users\Mullowney\AppData\Local\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}

C:\Users\Mullowney\AppData\Local\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\@

C:\Users\Mullowney\AppData\Local\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\L

C:\Users\Mullowney\AppData\Local\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

 

========================= Known DLLs (Whitelisted) ============

 

 

========================= Bamital & volsnap Check ============

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

========================= Memory info ======================

 

Percentage of memory in use: 19%

Total physical RAM: 3766.77 MB

Available physical RAM: 3047.8 MB

Total Pagefile: 3764.92 MB

Available Pagefile: 3041.47 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

 

======================= Partitions =========================

 

1 Drive c: (Gateway) (Fixed) (Total:453.66 GB) (Free:332.4 GB) NTFS

2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:4.22 GB) NTFS

5 Drive h: (STORE N GO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 3816 MB 0 B

 

Partitions of Disk 0:

===============

 

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 12 GB 31 KB

Partition 2 Primary 101 MB 12 GB

Partition 3 Primary 453 GB 12 GB

 

==================================================================================

 

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

 

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

 

==================================================================================

 

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

 

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 Y SYSTEM RESE NTFS Partition 101 MB Healthy

 

==================================================================================

 

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

 

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C Gateway NTFS Partition 453 GB Healthy

 

==================================================================================

 

Partitions of Disk 1:

===============

 

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3812 MB 4032 KB

 

==================================================================================

 

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

 

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H STORE N GO FAT32 Removable 3812 MB Healthy

 

==================================================================================

 

==========================================================

 

Last Boot: 2012-05-15 09:15

 

======================= End Of Log ==========================


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

 

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}
C:\Users\Mullowney\AppData\Local\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

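The procedure above (copy the paths FRST flagged into fixlist.txt, boot to System Recovery Options, run FRST64 and press Fix) is easy to get wrong when paths are retyped from a log. The PowerShell below is an added example for this thread; it is not code from FRST, ComboFix or the helper. It pre-screens a Windows volume for the ZeroAccess file-system markers FRST reported here, namely a {GUID} folder holding an '@' file plus 'L' and 'U' subfolders under \Windows\Installer or a profile's AppData\Local, and a Desktop.ini planted directly in \Windows\assembly\GAC_32 or GAC_64, and writes them in the one-path-per-line shape of the fixlist.txt box. The marker layout is read off the FRST output in this thread; the function names are mine, and the directory tree it builds under %TEMP% is constructed for the demonstration, not the user's machine.

```powershell
# Added example for this thread; not code from FRST, ComboFix or the helper.
# Pre-screens a Windows volume for the ZeroAccess file-system markers FRST
# listed above and writes them in the one-path-per-line fixlist.txt form.
# Assumptions (mine, read off the FRST output): a ZeroAccess drop is a {GUID}
# folder holding an '@' file plus 'L' and/or 'U' subfolders, living under
# \Windows\Installer or a profile's AppData\Local; a Desktop.ini directly in
# \Windows\assembly\GAC_32 or GAC_64 is also a marker.
Set-StrictMode -Version Latest

$GuidFolder = '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'

function Test-ZeroAccessFolder {
    # Returns a reason string when $Dir looks like a ZeroAccess drop, else $null.
    param([Parameter(Mandatory)][System.IO.DirectoryInfo]$Dir)
    if ($Dir.Name -notmatch $GuidFolder) { return $null }
    try {
        $children = $Dir.GetFileSystemInfos()
    } catch [System.UnauthorizedAccessException] {
        # ZeroAccess puts deny ACLs on its folder, so "cannot list" is itself a signal.
        return 'GUID folder that refuses listing'
    }
    $isDir = @{}
    foreach ($c in $children) { $isDir[$c.Name] = ($c -is [System.IO.DirectoryInfo]) }
    # '@' must be a file and 'L'/'U' directories; genuine Installer caches hold .msi/.msp, never this trio.
    $hasAt = $isDir.ContainsKey('@') -and -not $isDir['@']
    $hasLU = ($isDir.ContainsKey('L') -and $isDir['L']) -or ($isDir.ContainsKey('U') -and $isDir['U'])
    if ($hasAt -and $hasLU) { return "GUID folder containing '@' plus 'L'/'U'" }
    return $null
}

function Get-ZeroAccessMarkers {
    # Scans the locations FRST flagged in this thread and returns Path/Reason records.
    param([Parameter(Mandatory)][string]$Root)
    $found = New-Object System.Collections.Generic.List[object]
    $parents = @(Join-Path $Root 'Windows\Installer')
    $usersDir = Join-Path $Root 'Users'
    if (Test-Path -LiteralPath $usersDir) {
        foreach ($u in Get-ChildItem -LiteralPath $usersDir -Directory -ErrorAction SilentlyContinue) {
            $parents += Join-Path $u.FullName 'AppData\Local'
        }
    }
    foreach ($p in $parents) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # -Force: the drop folders are normally hidden+system.
        foreach ($d in Get-ChildItem -LiteralPath $p -Directory -Force -ErrorAction SilentlyContinue) {
            $why = Test-ZeroAccessFolder -Dir $d
            if ($why) { $found.Add([pscustomobject]@{ Path = $d.FullName; Reason = $why }) }
        }
    }
    foreach ($gac in 'GAC_32', 'GAC_64') {
        $ini = Join-Path $Root "Windows\assembly\$gac\Desktop.ini"
        if (Test-Path -LiteralPath $ini -PathType Leaf) {
            $found.Add([pscustomobject]@{ Path = $ini; Reason = 'Desktop.ini planted in GAC folder' })
        }
    }
    return $found
}

function Write-FixList {
    # One path per line, the same shape as the fixlist.txt box above; FRST moves each on Fix.
    param([object[]]$Markers = @(), [Parameter(Mandatory)][string]$OutFile)
    [string[]]$lines = @($Markers | ForEach-Object { $_.Path })
    Set-Content -LiteralPath $OutFile -Value $lines -Encoding Ascii
}

# --- Constructed demonstration tree in %TEMP%; NOT the user's machine. ---
$demo   = Join-Path ([System.IO.Path]::GetTempPath()) ('za-demo-' + [guid]::NewGuid().ToString('N'))
$bad    = '{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}'   # GUID from the FRST log above
$benign = '{00000000-0000-0000-0000-000000000001}'   # made-up ordinary Installer cache folder
foreach ($rel in "Windows\Installer\$bad\L", "Windows\Installer\$bad\U",
                 "Users\Mullowney\AppData\Local\$bad\L", "Users\Mullowney\AppData\Local\$bad\U",
                 'Windows\assembly\GAC_32', 'Windows\assembly\GAC_64', "Windows\Installer\$benign") {
    New-Item -ItemType Directory -Path (Join-Path $demo $rel) -Force | Out-Null
}
foreach ($rel in "Windows\Installer\$bad\@", "Windows\Installer\$bad\L\00000004.@",
                 "Windows\Installer\$bad\U\80000000.@", "Users\Mullowney\AppData\Local\$bad\@",
                 'Windows\assembly\GAC_32\Desktop.ini', 'Windows\assembly\GAC_64\Desktop.ini',
                 "Windows\Installer\$benign\cache.msi") {
    New-Item -ItemType File -Path (Join-Path $demo $rel) -Force | Out-Null
}

$markers = Get-ZeroAccessMarkers -Root $demo
$markers | Format-Table -AutoSize   # the $benign cache folder has no '@' file and is not listed
Write-FixList -Markers $markers -OutFile (Join-Path $demo 'fixlist.txt')
Get-Content -LiteralPath (Join-Path $demo 'fixlist.txt')
Remove-Item -LiteralPath $demo -Recurse -Force
```

It reports and writes a list; it deletes nothing. On a live system run it from an elevated prompt with `-Root $env:SystemDrive`, or point `-Root` at an offline volume mounted from WinPE. The list still has to be applied the way the helper describes, from System Recovery Options with FRST64, because ZeroAccess typically keeps its folder locked with deny ACLs while Windows is running; that is also why a {GUID} folder that cannot be listed is reported rather than skipped. Treat FRST's own ZeroAccess section as authoritative and use this only as a cross-check against typos in the hand-written fixlist.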

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 2012-08-10 10:29:45 Run:1

Running from G:\

 

==============================================

 

C:\Windows\Installer\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792} moved successfully.

C:\Users\Mullowney\AppData\Local\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

 

==== End of Fixlog ====


I ran ComboFix but now I can't open any programs. Everything I click says: C:\program files (x86) Illegal operation attempted on a registry key that has been marked for deletion.

What now? I'm afraid to reboot and crash my laptop. I had to post this via my cell phone.


Ok thanks that worked.

 

ComboFix 12-08-09.01 - Mullowney 08/10/2012 15:04:17.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2073 [GMT -6:00]

Running from: c:\users\Mullowney\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Mullowney\AppData\Local\Apple Computer\Adobe\phjpndw.dll

c:\users\Mullowney\Documents\~WRL0003.tmp

c:\users\Public\Documents\~WRL0003.tmp

.

Infected copy of c:\windows\system32\services.exe was found and disinfected

Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-10 21:16 . 2012-08-10 21:16 -------- d-----w- c:userskodakAppDataLocaltemp

2012-08-10 21:16 . 2012-08-10 21:16 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-08-10 21:15 . 2012-08-10 21:15 -------- d-----w- c:usersNicoleAppDataLocaltemp

2012-08-09 15:39 . 2012-08-09 15:39 -------- d-----w- C:FRST

2012-08-04 16:39 . 2012-08-05 04:11 -------- d-----w- c:usersMullowneyAppDataLocalLogMeIn Rescue Applet

2012-08-03 23:48 . 2012-08-03 23:48 -------- d-sh--w- c:windowsSysWow64%APPDATA%

2012-07-14 23:54 . 2012-07-14 23:54 -------- d-----w- c:usersMullowneyAppDataRoamingCyberLink

2012-07-14 23:07 . 2012-07-14 23:07 -------- d-----w- c:usersNicoleAppDataRoamingSierra Wireless

2012-07-14 23:02 . 2012-07-14 23:02 -------- d-----w- c:usersNicoleAppDataLocalSprint

2012-07-13 15:27 . 2012-06-12 03:08 3148800 ----a-w- c:windowssystem32win32k.sys

2012-07-12 03:28 . 2012-07-12 03:28 -------- d-----w- c:programdataSierra Wireless

2012-07-12 03:19 . 2012-07-12 03:19 -------- d-----w- c:usersMullowneyAppDataLocalSprint

2012-07-12 03:19 . 2012-07-12 03:19 -------- d-----w- c:usersMullowneyAppDataRoamingSierra Wireless

2012-07-12 03:19 . 2010-10-19 16:00 47104 ----a-w- c:windowssystem32driversswmsflt.sys

2012-07-12 03:14 . 2012-07-12 03:14 -------- d-----w- c:program files (x86)Common FilesEPP

2012-07-12 03:14 . 2012-07-12 03:14 -------- d-----w- c:program files (x86)Common FilesPctelEapPeer Authentication

2012-07-12 03:14 . 2012-07-12 03:14 -------- d-----w- c:program files (x86)Sierra Wireless

2012-07-12 03:13 . 2012-07-12 03:13 -------- d-----w- c:program files (x86)Novatel Wireless

2012-07-12 03:13 . 2012-07-12 03:13 -------- d-----w- c:programdataSprint

2012-07-12 03:13 . 2012-07-12 03:13 -------- d-----w- c:program files (x86)Sprint

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 00:01 . 2012-05-07 15:22 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-08-04 00:01 . 2011-06-09 17:12 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-07-13 15:21 . 2010-04-08 16:13 59701280 ----a-w- c:windowssystem32MRT.exe

2012-06-02 22:19 . 2012-06-22 15:51 38424 ----a-w- c:windowssystem32wups.dll

2012-06-02 22:19 . 2012-06-22 15:51 2428952 ----a-w- c:windowssystem32wuaueng.dll

2012-06-02 22:19 . 2012-06-22 15:51 57880 ----a-w- c:windowssystem32wuauclt.exe

2012-06-02 22:19 . 2012-06-22 15:51 44056 ----a-w- c:windowssystem32wups2.dll

2012-06-02 22:19 . 2012-06-22 15:51 701976 ----a-w- c:windowssystem32wuapi.dll

2012-06-02 22:15 . 2012-06-22 15:51 2622464 ----a-w- c:windowssystem32wucltux.dll

2012-06-02 22:15 . 2012-06-22 15:51 99840 ----a-w- c:windowssystem32wudriver.dll

2012-06-02 21:19 . 2012-06-22 15:51 186752 ----a-w- c:windowssystem32wuwebv.dll

2012-06-02 21:15 . 2012-06-22 15:51 36864 ----a-w- c:windowssystem32wuapp.exe

2012-05-30 16:08 . 2012-05-30 16:08 67176 ----a-w- c:windowsSysWow64pxfhwmcp.dll

2012-05-30 16:08 . 2012-05-30 16:08 136808 ----a-w- c:windowsSysWow64PCTIN50.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEWow6432Node~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-09 20:15 2074208 ----a-w- c:program files (x86)AVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program files (x86)AVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll" [2012-07-09 2074208]

.

[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"swg"="c:program files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-12-17 39408]

"Akamai NetSession Interface"="c:usersMullowneyAppDataLocalAkamainetsession_win.exe" [2012-05-26 4327744]

"MobileDocuments"="c:program files (x86)Common FilesAppleInternet Servicesubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"LManager"="c:program files (x86)Launch ManagerLManager.exe" [2009-09-17 1157640]

"BackupManagerTray"="c:program files (x86)NewTech InfosystemsGateway MyBackupBackupManagerTray.exe" [2009-10-29 244480]

"VideoWebCamera"="c:program files (x86)VideoWebCameraVideoWebCamera.exe" [2009-07-28 1507448]

"RemoteControl8"="c:program files (x86)CyberLinkPowerDVD8PDVD8Serv.exe" [2009-04-16 91432]

"PDVD8LanguageShortcut"="c:program files (x86)CyberLinkPowerDVD8LanguageLanguage.exe" [2009-04-16 50472]

"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2012-04-05 2587008]

"BCSSync"="c:program files (x86)Microsoft OfficeOffice14BCSSync.exe" [2010-03-13 91520]

"ArcSoft Connection Service"="c:program files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe" [2010-10-28 207424]

"Monitor"="c:program files (x86)LeapFrogLeapFrog ConnectMonitor.exe" [2011-11-12 268640]

"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-02 843712]

"VMM Mode Selection"="c:program filesHTCModeSelectionVMMModeSelection.exe" [2011-02-14 43520]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-02-21 59240]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-01-18 254696]

"vProt"="c:program files (x86)AVG Secure Searchvprot.exe" [2012-07-09 1107552]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-03-27 421736]

"Sprint SmartView"="c:program files (x86)SprintSprint SmartViewSprintSV.exe" [2012-06-07 75368]

"HP Software Update"="c:program files (x86)HPHP Software UpdateHPWuSchd2.exe" [2011-05-10 49208]

.

c:usersNicoleAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

OpenOffice.org 3.2.lnk - c:program files (x86)OpenOffice.org 3programquickstart.exe [N/A]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

HP Digital Imaging Monitor.lnk - c:program files (x86)HPDigital Imagingbinhpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 135664]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-04 250056]

R3 bcm;WiMAX Network Adapter;c:windowssystem32DRIVERSdrxvi314_64.sys [2012-03-20 416000]

R3 bcmbusctr;WiMAX Bus Driver;c:windowssystem32DRIVERSBcmBusCtr_64.sys [2012-03-20 64000]

R3 CASprint;Sprint Con App Svc;c:program files (x86)SprintSprint SmartViewConAppsSvc.exe [2012-05-30 124520]

R3 FlyUsb;FLY Fusion;c:windowssystem32DRIVERSFlyUsb.sys [2008-04-01 24576]

R3 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 135664]

R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:windowssystem32DRIVERSHtcUsbMdmV64.sys [2010-03-08 121800]

R3 HtcVCom32;HTC Diagnostic Port;c:windowssystem32DRIVERSHtcVComV64.sys [2010-03-08 121800]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:windowssystem32DRIVERSbtblan.sys [2010-01-20 40320]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:program files (x86)Microsoft OfficeOffice14GROOVE.EXE [2011-06-12 31125880]

R3 motccgp;Motorola USB Composite Device Driver;c:windowssystem32DRIVERSmotccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:windowssystem32DRIVERSmotccgpfl.sys [2009-01-29 9216]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:program files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-01-10 4925184]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:windowssystem32PCTINDIS5X64.SYS [2010-08-05 43032]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [2009-09-02 225280]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:progra~2VERIZO~1VZACCE~1SMSIVZAM5X64.SYS [2009-05-25 43032]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-04-08 1255736]

S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [2012-01-31 36944]

S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2009-07-09 55280]

S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [2012-03-19 383808]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904]

S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2012-02-14 193288]

S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2012-01-04 822624]

S2 ePowerSvc;Acer ePower Service;c:program filesGatewayGateway Power ManagementePowerSvc.exe [2009-10-29 844320]

S2 Greg_Service;GRegService;c:program files (x86)GatewayRegistrationGregHSRW.exe [2009-08-28 1150496]

S2 HsfXAudioService;HsfXAudioService;c:windowssystem32svchost.exe [2009-07-14 27136]

S2 MotoHelper;MotoHelper Service;c:program files (x86)MotorolaMotoHelperMotoHelperService.exe [2011-04-26 223088]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:program files (x86)NewTech InfosystemsGateway MyBackupIScheduleSvc.exe [2009-10-29 255744]

S2 NvtlService;NovaCore SDK Service;c:program files (x86)Novatel WirelessNovacoreServerNvtlSrvr.exe [2011-02-07 92504]

S2 NWHelper;Novatel Wireless Device Helper ;c:program files (x86)Novatel WirelessDriversNWHelper.exe [2011-03-16 270336]

S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2011-10-01 508776]

S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:program files (x86)SprintSprint SmartViewSwiCardDetect64.exe [2010-09-22 307568]

S2 UNS;Intel® Management & Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2009-09-30 2320920]

S2 Updater Service;Updater Service;c:program filesGatewayGateway UpdaterUpdaterService.exe [2009-07-04 240160]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:program files (x86)Common FilesAVG Secure SearchvToolbarUpdater11.2.0ToolbarUpdater.exe [2012-07-09 935008]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSavgidsfiltera.sys [2011-12-23 29776]

S3 CAXHWAZL;CAXHWAZL;c:windowssystem32DRIVERSCAXHWAZL.sys [2009-02-12 292864]

S3 HECIx64;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys [2010-02-27 158976]

S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [2011-08-23 317440]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-08-05 320040]

S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-05-07 00:01]

.

2012-08-10 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 03:58]

.

2012-08-10 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 03:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IAAnotif"="c:program files (x86)IntelIntel Matrix Storage Manageriaanotif.exe" [2009-10-13 186904]

"Acer ePower Management"="c:program filesGatewayGateway Power ManagementePowerTray.exe" [2009-10-29 822816]

"RtHDVCpl"="c:program filesRealtekAudioHDARAVCpl64.exe" [2009-10-20 8306208]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2012-01-10 392984]

"Persistence"="c:windowssystem32igfxpers.exe" [2012-01-10 417560]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q

uLocal Page = c:windowssystem32blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = <local>;192.168.*.*

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~2MICROS~1Office14ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program files (x86)Common FilesAVG Secure SearchViProtocolInstaller11.2.0ViProtocol.dll

FF - ProfilePath - c:usersMullowneyAppDataRoamingMozillaFirefoxProfiles1kpp5t6h.default

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - espn.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B86df5736-5c17-4a88-aae1-c35ffdcea91e%7D&mid=4d2b2db3286cdafc3124581446d14737-f118a8ae36c24207e6bdba77c1a93205f2b6f996&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-15%2009%3A33%3A23&sap=ku&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Adobe - c:usersMullowneyAppDataLocalApple ComputerAdobephjpndw.dll

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:program files (x86)SynapticsSynTPSynTPEnh.exe

AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:programdata{E85781E1-08F4-413E-86A1-CCEF4E1B12CB}Best Buy Software Installer Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane30]

"Key"="ActionsPane3"

"Location"="c:Program Files (x86)Common FilesMicrosoft SharedVSTOActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0003AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program files (x86)Common FilesArcSoftConnection ServiceBinACService.exe

c:program files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

c:program files (x86)LeapFrogLeapFrog ConnectCommandService.exe

c:program files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

c:program files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe

c:program files (x86)MotorolaMotoHelperMotoHelperAgent.exe

c:windowsWLXPGSS.SCR

.

**************************************************************************

.

Completion time: 2012-08-10 15:41:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-10 21:41

.

Pre-Run: 357,493,858,304 bytes free

Post-Run: 368,568,492,032 bytes free

.

- - End Of File - - 78A573619BF55C58A63CBE3193F1266F


Great. Looks like we finally killed the beast. :clap:

 

Now let's get an online scan (This takes a long time)

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


C:FRSTQuarantine{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}U00000008.@ Win64/Agent.BA trojan

C:FRSTQuarantine{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}U000000cb.@ Win64/Conedex.B trojan

C:FRSTQuarantine{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}U80000000.@ Win64/Sirefef.AP trojan

C:FRSTQuarantine{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}U80000032.@ a variant of Win32/Sirefef.FD trojan

C:QooboxQuarantineCUsersMullowneyAppDataLocalApple ComputerAdobephjpndw.dll.vir a variant of Win32/Kryptik.AIZQ trojan

C:QooboxQuarantineCWindowsSystem32services.exe.vir Win64/Patched.B.Gen trojan

C:UsersMullowneyAppDataLocalLowSunJavaDeploymentcache6.021e5ef7c2-28b8c99e multiple threats

C:UsersMullowneyAppDataLocalLowSunJavaDeploymentcache6.0476fd04eaf-7c680255 a variant of Java/TrojanDownloader.OpenStream.NBY trojan

C:UsersMullowneyAppDataLocalLowSunJavaDeploymentcache6.0514f444273-402c804d Java/TrojanDownloader.Agent.NDR trojan

C:UsersMullowneyAppDataLocalLowSunJavaDeploymentcache6.06340b3013f-1183e8d2 Java/Exploit.Blacole.AN trojan

C:UsersMullowneyAppDataRoamingMozillaFirefoxProfiles1kpp5t6h.defaultextensionstvbbiouerm@tvbbiouerm.org.xpi JS/Redirector.NCA trojan

 

Would/Could this be preventing both Windows Update and Windows Defender from running? Each time I try, I receive an error message: Access Denied (Error Code 0x80070005)


Probably not. Most likely there is still some damage that hasn't been repaired.

 

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    File::
    C:\Users\Mullowney\AppData\Roaming\Mozilla\Firefox\Profiles\1kpp5t6h.default\extensions\tvbbiouerm@tvbbiouerm.org.xpi
    ClearJavaCache::
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: dragging CFScript.txt onto ComboFix.exe]

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


ComboFix 12-08-09.01 - Mullowney 08/11/2012 8:50.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2364 [GMT -6:00]

Running from: c:usersMullowneyDesktopComboFix.exe

Command switches used :: c:usersMullowneyDesktopCFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))

.

.

2012-08-11 15:02 . 2012-08-11 15:02 -------- d-----w- c:usersNicoleAppDataLocaltemp

2012-08-11 15:02 . 2012-08-11 15:02 -------- d-----w- c:userskodakAppDataLocaltemp

2012-08-11 15:02 . 2012-08-11 15:02 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-08-11 05:48 . 2012-08-11 05:48 -------- d-----w- c:program files (x86)ESET

2012-08-09 15:39 . 2012-08-09 15:39 -------- d-----w- C:FRST

2012-08-04 16:39 . 2012-08-05 04:11 -------- d-----w- c:usersMullowneyAppDataLocalLogMeIn Rescue Applet

2012-08-03 23:48 . 2012-08-03 23:48 -------- d-sh--w- c:windowsSysWow64%APPDATA%

2012-07-14 23:54 . 2012-07-14 23:54 -------- d-----w- c:usersMullowneyAppDataRoamingCyberLink

2012-07-14 23:07 . 2012-07-14 23:07 -------- d-----w- c:usersNicoleAppDataRoamingSierra Wireless

2012-07-14 23:02 . 2012-07-14 23:02 -------- d-----w- c:usersNicoleAppDataLocalSprint

2012-07-13 15:27 . 2012-06-12 03:08 3148800 ----a-w- c:windowssystem32win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 00:01 . 2012-05-07 15:22 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-08-04 00:01 . 2011-06-09 17:12 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-07-13 15:21 . 2010-04-08 16:13 59701280 ----a-w- c:windowssystem32MRT.exe

2012-06-09 05:43 . 2012-07-12 03:11 14172672 ----a-w- c:windowssystem32shell32.dll

2012-06-06 06:06 . 2012-07-12 03:11 2004480 ----a-w- c:windowssystem32msxml6.dll

2012-06-06 06:06 . 2012-07-12 03:11 1881600 ----a-w- c:windowssystem32msxml3.dll

2012-06-06 06:02 . 2012-07-12 03:11 1133568 ----a-w- c:windowssystem32cdosys.dll

2012-06-06 05:05 . 2012-07-12 03:11 1390080 ----a-w- c:windowsSysWow64msxml6.dll

2012-06-06 05:05 . 2012-07-12 03:11 1236992 ----a-w- c:windowsSysWow64msxml3.dll

2012-06-06 05:03 . 2012-07-12 03:11 805376 ----a-w- c:windowsSysWow64cdosys.dll

2012-06-02 22:19 . 2012-06-22 15:51 38424 ----a-w- c:windowssystem32wups.dll

2012-06-02 22:19 . 2012-06-22 15:51 2428952 ----a-w- c:windowssystem32wuaueng.dll

2012-06-02 22:19 . 2012-06-22 15:51 57880 ----a-w- c:windowssystem32wuauclt.exe

2012-06-02 22:19 . 2012-06-22 15:51 44056 ----a-w- c:windowssystem32wups2.dll

2012-06-02 22:19 . 2012-06-22 15:51 701976 ----a-w- c:windowssystem32wuapi.dll

2012-06-02 22:15 . 2012-06-22 15:51 2622464 ----a-w- c:windowssystem32wucltux.dll

2012-06-02 22:15 . 2012-06-22 15:51 99840 ----a-w- c:windowssystem32wudriver.dll

2012-06-02 21:19 . 2012-06-22 15:51 186752 ----a-w- c:windowssystem32wuwebv.dll

2012-06-02 21:15 . 2012-06-22 15:51 36864 ----a-w- c:windowssystem32wuapp.exe

2012-06-02 05:50 . 2012-07-12 03:11 458704 ----a-w- c:windowssystem32driverscng.sys

2012-06-02 05:48 . 2012-07-12 03:11 151920 ----a-w- c:windowssystem32driversksecpkg.sys

2012-06-02 05:48 . 2012-07-12 03:11 95600 ----a-w- c:windowssystem32driversksecdd.sys

2012-06-02 05:45 . 2012-07-12 03:11 340992 ----a-w- c:windowssystem32schannel.dll

2012-06-02 05:44 . 2012-07-12 03:11 307200 ----a-w- c:windowssystem32ncrypt.dll

2012-06-02 04:40 . 2012-07-12 03:11 22016 ----a-w- c:windowsSysWow64secur32.dll

2012-06-02 04:40 . 2012-07-12 03:11 225280 ----a-w- c:windowsSysWow64schannel.dll

2012-06-02 04:39 . 2012-07-12 03:11 219136 ----a-w- c:windowsSysWow64ncrypt.dll

2012-06-02 04:34 . 2012-07-12 03:11 96768 ----a-w- c:windowsSysWow64sspicli.dll

2012-05-30 16:08 . 2012-05-30 16:08 67176 ----a-w- c:windowsSysWow64pxfhwmcp.dll

2012-05-30 16:08 . 2012-05-30 16:08 136808 ----a-w- c:windowsSysWow64PCTIN50.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-10_21.25.10 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-08-10 21:16 . 2012-08-10 21:16 24928 c:windowsSysWOW64configsystemprofileAppDataRoamingSoftGrid ClientIcon Cacheicon_ex.dat

+ 2012-08-11 15:03 . 2012-08-11 15:03 24928 c:windowsSysWOW64configsystemprofileAppDataRoamingSoftGrid ClientIcon Cacheicon_ex.dat

+ 2009-07-14 05:10 . 2012-08-11 15:06 37618 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin

+ 2010-04-08 03:45 . 2012-08-11 15:06 25714 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-3737331042-1631840241-1494535839-1001_UserData.bin

+ 2012-08-11 15:04 . 2012-08-11 15:04 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

- 2012-08-10 21:18 . 2012-08-10 21:18 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

- 2012-08-10 21:18 . 2012-08-10 21:18 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

+ 2012-08-11 15:04 . 2012-08-11 15:04 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2009-07-14 04:54 . 2012-08-10 16:32 229376 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2009-07-14 04:54 . 2012-08-11 14:40 229376 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2009-07-14 05:01 . 2012-08-11 15:03 443156 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2009-07-14 05:01 . 2012-08-10 21:16 443156 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2009-07-14 04:54 . 2012-08-10 16:32 4440064 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2009-07-14 04:54 . 2012-08-11 14:40 4440064 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:54 . 2012-08-10 16:32 10420224 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2009-07-14 04:54 . 2012-08-11 14:40 10420224 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2010-11-29 08:10 . 2012-08-11 15:03 41762060 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-3737331042-1631840241-1494535839-1001-8192.dat

- 2010-11-29 08:10 . 2012-08-10 21:17 41762060 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-3737331042-1631840241-1494535839-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEWow6432Node~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-09 20:15 2074208 ----a-w- c:program files (x86)AVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program files (x86)AVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll" [2012-07-09 2074208]

.

[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"swg"="c:program files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-12-17 39408]

"Akamai NetSession Interface"="c:usersMullowneyAppDataLocalAkamainetsession_win.exe" [2012-05-26 4327744]

"MobileDocuments"="c:program files (x86)Common FilesAppleInternet Servicesubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"LManager"="c:program files (x86)Launch ManagerLManager.exe" [2009-09-17 1157640]

"BackupManagerTray"="c:program files (x86)NewTech InfosystemsGateway MyBackupBackupManagerTray.exe" [2009-10-29 244480]

"VideoWebCamera"="c:program files (x86)VideoWebCameraVideoWebCamera.exe" [2009-07-28 1507448]

"RemoteControl8"="c:program files (x86)CyberLinkPowerDVD8PDVD8Serv.exe" [2009-04-16 91432]

"PDVD8LanguageShortcut"="c:program files (x86)CyberLinkPowerDVD8LanguageLanguage.exe" [2009-04-16 50472]

"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2012-04-05 2587008]

"BCSSync"="c:program files (x86)Microsoft OfficeOffice14BCSSync.exe" [2010-03-13 91520]

"ArcSoft Connection Service"="c:program files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe" [2010-10-28 207424]

"Monitor"="c:program files (x86)LeapFrogLeapFrog ConnectMonitor.exe" [2011-11-12 268640]

"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-02 843712]

"VMM Mode Selection"="c:program filesHTCModeSelectionVMMModeSelection.exe" [2011-02-14 43520]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-02-21 59240]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-01-18 254696]

"vProt"="c:program files (x86)AVG Secure Searchvprot.exe" [2012-07-09 1107552]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-03-27 421736]

"Sprint SmartView"="c:program files (x86)SprintSprint SmartViewSprintSV.exe" [2012-06-07 75368]

"HP Software Update"="c:program files (x86)HPHP Software UpdateHPWuSchd2.exe" [2011-05-10 49208]

.

c:usersNicoleAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

OpenOffice.org 3.2.lnk - c:program files (x86)OpenOffice.org 3programquickstart.exe [N/A]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

HP Digital Imaging Monitor.lnk - c:program files (x86)HPDigital Imagingbinhpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 135664]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-04 250056]

R3 bcm;WiMAX Network Adapter;c:windowssystem32DRIVERSdrxvi314_64.sys [2012-03-20 416000]

R3 bcmbusctr;WiMAX Bus Driver;c:windowssystem32DRIVERSBcmBusCtr_64.sys [2012-03-20 64000]

R3 CASprint;Sprint Con App Svc;c:program files (x86)SprintSprint SmartViewConAppsSvc.exe [2012-05-30 124520]

R3 FlyUsb;FLY Fusion;c:windowssystem32DRIVERSFlyUsb.sys [2008-04-01 24576]

R3 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 135664]

R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:windowssystem32DRIVERSHtcUsbMdmV64.sys [2010-03-08 121800]

R3 HtcVCom32;HTC Diagnostic Port;c:windowssystem32DRIVERSHtcVComV64.sys [2010-03-08 121800]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:windowssystem32DRIVERSbtblan.sys [2010-01-20 40320]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:program files (x86)Microsoft OfficeOffice14GROOVE.EXE [2011-06-12 31125880]

R3 motccgp;Motorola USB Composite Device Driver;c:windowssystem32DRIVERSmotccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:windowssystem32DRIVERSmotccgpfl.sys [2009-01-29 9216]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:program files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-01-10 4925184]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:windowssystem32PCTINDIS5X64.SYS [2010-08-05 43032]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [2009-09-02 225280]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:progra~2VERIZO~1VZACCE~1SMSIVZAM5X64.SYS [2009-05-25 43032]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-04-08 1255736]

S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [2012-01-31 36944]

S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2009-07-09 55280]

S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [2012-03-19 383808]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904]

S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2012-02-14 193288]

S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2012-01-04 822624]

S2 ePowerSvc;Acer ePower Service;c:program filesGatewayGateway Power ManagementePowerSvc.exe [2009-10-29 844320]

S2 Greg_Service;GRegService;c:program files (x86)GatewayRegistrationGregHSRW.exe [2009-08-28 1150496]

S2 HsfXAudioService;HsfXAudioService;c:windowssystem32svchost.exe [2009-07-14 27136]

S2 MotoHelper;MotoHelper Service;c:program files (x86)MotorolaMotoHelperMotoHelperService.exe [2011-04-26 223088]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:program files (x86)NewTech InfosystemsGateway MyBackupIScheduleSvc.exe [2009-10-29 255744]

S2 NvtlService;NovaCore SDK Service;c:program files (x86)Novatel WirelessNovacoreServerNvtlSrvr.exe [2011-02-07 92504]

S2 NWHelper;Novatel Wireless Device Helper ;c:program files (x86)Novatel WirelessDriversNWHelper.exe [2011-03-16 270336]

S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2011-10-01 508776]

S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:program files (x86)SprintSprint SmartViewSwiCardDetect64.exe [2010-09-22 307568]

S2 UNS;Intel® Management & Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2009-09-30 2320920]

S2 Updater Service;Updater Service;c:program filesGatewayGateway UpdaterUpdaterService.exe [2009-07-04 240160]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:program files (x86)Common FilesAVG Secure SearchvToolbarUpdater11.2.0ToolbarUpdater.exe [2012-07-09 935008]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSavgidsfiltera.sys [2011-12-23 29776]

S3 CAXHWAZL;CAXHWAZL;c:windowssystem32DRIVERSCAXHWAZL.sys [2009-02-12 292864]

S3 HECIx64;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys [2010-02-27 158976]

S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [2011-08-23 317440]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-08-05 320040]

S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-05-07 00:01]

.

2012-08-11 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 03:58]

.

2012-08-11 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 03:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IAAnotif"="c:program files (x86)IntelIntel Matrix Storage Manageriaanotif.exe" [2009-10-13 186904]

"Acer ePower Management"="c:program filesGatewayGateway Power ManagementePowerTray.exe" [2009-10-29 822816]

"RtHDVCpl"="c:program filesRealtekAudioHDARAVCpl64.exe" [2009-10-20 8306208]

"SynTPEnh"="c:program files (x86)SynapticsSynTPSynTPEnh.exe" [bU]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2012-01-10 392984]

"Persistence"="c:windowssystem32igfxpers.exe" [2012-01-10 417560]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q

uLocal Page = c:windowssystem32blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = <local>;192.168.*.*

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~2MICROS~1Office14ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program files (x86)Common FilesAVG Secure SearchViProtocolInstaller11.2.0ViProtocol.dll

FF - ProfilePath - c:usersMullowneyAppDataRoamingMozillaFirefoxProfiles1kpp5t6h.default

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - espn.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B86df5736-5c17-4a88-aae1-c35ffdcea91e%7D&mid=4d2b2db3286cdafc3124581446d14737-f118a8ae36c24207e6bdba77c1a93205f2b6f996&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-15%2009%3A33%3A23&sap=ku&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane30]

"Key"="ActionsPane3"

"Location"="c:Program Files (x86)Common FilesMicrosoft SharedVSTOActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0003AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program files (x86)Common FilesArcSoftConnection ServiceBinACService.exe

c:program files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

c:program files (x86)LeapFrogLeapFrog ConnectCommandService.exe

c:program files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

c:program files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe

c:program files (x86)MotorolaMotoHelperMotoHelperAgent.exe

c:windowsWLXPGSS.SCR

.

**************************************************************************

.

Completion time: 2012-08-11 09:22:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-11 15:22

ComboFix2.txt 2012-08-10 21:41

.

Pre-Run: 366,478,860,288 bytes free

Post-Run: 366,391,844,864 bytes free

.

- - End Of File - - 78B00948C478ADE8988ADCB3B10FDDC9


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Farbar Service Scanner Version: 06-08-2012

Ran by Mullowney (administrator) on 11-08-2012 at 10:33:20

Running from "C:\Users\Mullowney\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

 

Windows Update:

============

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

 

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****


Farbar Service Scanner Version: 06-08-2012

Ran by Mullowney (administrator) on 11-08-2012 at 15:00:14

Running from "C:\Users\Mullowney\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

 

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

 

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****


Hold down your windows key and press R to open a run box. Paste the following line in it and hit OK.

 

services.msc

 

 

Locate the following service, Windows Security Center

  • in the right hand panel click Restart
  • Did the service start or did you receive an error message?

Do the same with Windows Updates.

 

Let me know how it went.

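The service checks that the two FSS logs above report (a BITS key with no Start value, WinDefend set to Demand instead of Auto, and the DisableAntiSpyware value under the Windows Defender key), redone with built-in PowerShell as an added example that is not code from the thread or from Farbar Service Scanner. Assumed, and not taken from the page: the expected Start values are the Windows 7 defaults as FSS describes them (Auto = 2), and FSS's MD5 whitelist is replaced by reporting each binary's SHA-256 and file version for comparison against a known-clean machine.

```powershell
# Added example, not from the thread or from FSS. Run from an elevated prompt.
# Expected defaults are an assumption (Windows 7, per the FSS output above).
$expectedStart = @{
    'BITS'      = 2   # FSS: the Start value did not exist at all
    'wuauserv'  = 2   # Windows Update
    'wscsvc'    = 2   # Security Center
    'WinDefend' = 2   # FSS: set to Demand (3), default is Auto (2)
}
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Get-ServiceBinaryPath {
    # Strip quotes and svchost arguments ("-k netsvcs") from an ImagePath or ServiceDll
    # value, expand %SystemRoot%, and make a relative driver path absolute.
    param([string]$Raw)
    if ($Raw -notmatch '^\s*"?([^"]+?\.(exe|dll|sys))"?') { return $null }
    $path = [Environment]::ExpandEnvironmentVariables($Matches[1])
    if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
    return $path
}

function Get-FileFingerprint {
    # Substitute for FSS's "MD5 is legit": report version and SHA-256 so the file can be
    # compared with the same file on a known-clean Windows 7 install.
    param([string]$Path)
    if (-not (Test-Path $Path)) { return "MISSING: $Path" }
    $sha  = [Security.Cryptography.SHA256]::Create()
    $hash = ($sha.ComputeHash([IO.File]::ReadAllBytes($Path)) |
             ForEach-Object { $_.ToString('x2') }) -join ''
    $ver  = (Get-Item $Path).VersionInfo.FileVersion
    return "$Path version=$ver sha256=$hash"
}

function Test-ServiceConfig {
    param([string]$Name, [int]$Expected)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $findings = @()
    if (-not (Test-Path $key)) {
        return New-Object PSObject -Property @{ Service = $Name; Findings = @('service key does not exist') }
    }
    $svc   = Get-ItemProperty -Path $key
    $state = (Get-Service -Name $Name -ErrorAction SilentlyContinue).Status

    # Start type: the same two failure modes FSS reported (value absent, or not the default).
    if ($null -eq $svc.Start) {
        $findings += 'Start value does not exist'
    } elseif ([int]$svc.Start -ne $Expected) {
        $findings += "Start is $($startNames[[int]$svc.Start]), default is $($startNames[$Expected])"
    }

    # ImagePath and (for svchost-hosted services) Parameters\ServiceDll.
    $dll   = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    $files = @()
    foreach ($raw in @($svc.ImagePath, $dll)) {
        $p = Get-ServiceBinaryPath $raw
        if ($p) { $files += Get-FileFingerprint $p }
    }
    New-Object PSObject -Property @{
        Service = $Name; State = $state; Files = $files; Findings = $findings
    }
}

function Test-DefenderDisabled {
    # FSS printed DisableAntiSpyware=1 under HKLM\SOFTWARE\Microsoft\Windows Defender. As the
    # helper notes later in the thread, a third-party AV such as AVG sets this itself, so
    # correlate it with the installed AV before reading it as tampering. The Policies key is
    # the other location where the same value is honoured.
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                   'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        $v = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).DisableAntiSpyware
        if ($v -eq 1) { "$k : DisableAntiSpyware=1" }
    }
}

foreach ($name in $expectedStart.Keys) {
    Test-ServiceConfig -Name $name -Expected $expectedStart[$name] | Format-List
}
Test-DefenderDisabled
```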

Windows Update is now working again but Windows Defender still says the application is turned off and when I click to turn it on I receive: Access is Denied (Error Code: 0x080070005).

 

Have we eliminated the virus portion of this issue? Do I need to re-run any virus scans to be sure?


I believe the virus to be gone. I also believe we have corrected the corrupted services that had existed. Apparently AVG disables Windows Defender so that it will not interfere with it. We cannot turn it on with AVG installed (Microsoft Security Essentials does the same thing).

 

Let's clean up.

 

Time for some housekeeping

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Posted Image
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

Now to remove most of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Please re-enable any security that was disabled.

 

 

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

 

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

 

I would also suggest you read this:

So how did I get infected in the first place?

by Tony Klein

 

 

Also: "How to prevent malware"

by miekiemoes

 

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.


I re-ran the ESET Virus Scan and it returned:

 

C:\FRST\Quarantine\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\00000008.@ Win64/Agent.BA trojan

C:\FRST\Quarantine\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\000000cb.@ Win64/Conedex.B trojan

C:\FRST\Quarantine\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\80000000.@ Win64/Sirefef.AP trojan

C:\FRST\Quarantine\{2e3f0c65-d8f0-7a8e-abeb-ebe1d4013792}\U\80000032.@ a variant of Win32/Sirefef.FD trojan

C:QooboxQuarantineCUsersMullowneyAppDataLocalApple ComputerAdobephjpndw.dll.vir a variant of Win32/Kryptik.AIZQ trojan

C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan

C:\Users\Mullowney\AppData\Roaming\Mozilla\Firefox\Profiles\1kpp5t6h.default\extensions\tvbbiouerm@tvbbiouerm.org.xpi JS/Redirector.NCA trojan


All but the last item are in quarantines that will be removed when you run the cleanup procedures.

 

However... the last item I thought we had already dealt with. I went back and looked and the script didn't work. It is important that when you copy/paste the script - it needs to look just like what I gave you. There should be three lines.

 

COMBOFIX-Script

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    File::
    C:\Users\Mullowney\AppData\Roaming\Mozilla\Firefox\Profiles\1kpp5t6h.default\extensions\tvbbiouerm@tvbbiouerm.org.xpi
    ClearJavaCache::
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


ComboFix 12-08-10.02 - Mullowney 08/12/2012 8:39.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2145 [GMT -6:00]

Running from: c:\users\Mullowney\Desktop\ComboFix.exe

Command switches used :: c:\users\Mullowney\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Mullowney\AppData\Roaming\Mozilla\Firefox\Profiles\1kpp5t6h.default\extensions\tvbbiouerm@tvbbiouerm.org.xpi"

.

.

((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))

.

.

2012-08-12 14:51 . 2012-08-12 14:51 -------- d-----w- c:usersNicoleAppDataLocaltemp

2012-08-12 14:51 . 2012-08-12 14:51 -------- d-----w- c:userskodakAppDataLocaltemp

2012-08-12 14:51 . 2012-08-12 14:51 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-08-12 02:37 . 2012-05-04 11:00 366592 ----a-w- c:windowssystem32qdvd.dll

2012-08-12 02:37 . 2012-05-04 09:59 514560 ----a-w- c:windowsSysWow64qdvd.dll

2012-08-09 15:39 . 2012-08-09 15:39 -------- d-----w- C:FRST

2012-08-04 16:39 . 2012-08-05 04:11 -------- d-----w- c:usersMullowneyAppDataLocalLogMeIn Rescue Applet

2012-08-03 23:48 . 2012-08-03 23:48 -------- d-sh--w- c:windowsSysWow64%APPDATA%

2012-07-14 23:54 . 2012-07-14 23:54 -------- d-----w- c:usersMullowneyAppDataRoamingCyberLink

2012-07-14 23:07 . 2012-07-14 23:07 -------- d-----w- c:usersNicoleAppDataRoamingSierra Wireless

2012-07-14 23:02 . 2012-07-14 23:02 -------- d-----w- c:usersNicoleAppDataLocalSprint

2012-07-13 15:27 . 2012-06-12 03:08 3148800 ----a-w- c:windowssystem32win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 00:01 . 2012-05-07 15:22 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-08-04 00:01 . 2011-06-09 17:12 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-07-13 15:21 . 2010-04-08 16:13 59701280 ----a-w- c:windowssystem32MRT.exe

2012-06-09 05:43 . 2012-07-12 03:11 14172672 ----a-w- c:windowssystem32shell32.dll

2012-06-06 06:06 . 2012-07-12 03:11 2004480 ----a-w- c:windowssystem32msxml6.dll

2012-06-06 06:06 . 2012-07-12 03:11 1881600 ----a-w- c:windowssystem32msxml3.dll

2012-06-06 06:02 . 2012-07-12 03:11 1133568 ----a-w- c:windowssystem32cdosys.dll

2012-06-06 05:05 . 2012-07-12 03:11 1390080 ----a-w- c:windowsSysWow64msxml6.dll

2012-06-06 05:05 . 2012-07-12 03:11 1236992 ----a-w- c:windowsSysWow64msxml3.dll

2012-06-06 05:03 . 2012-07-12 03:11 805376 ----a-w- c:windowsSysWow64cdosys.dll

2012-06-02 22:19 . 2012-06-22 15:51 38424 ----a-w- c:windowssystem32wups.dll

2012-06-02 22:19 . 2012-06-22 15:51 2428952 ----a-w- c:windowssystem32wuaueng.dll

2012-06-02 22:19 . 2012-06-22 15:51 57880 ----a-w- c:windowssystem32wuauclt.exe

2012-06-02 22:19 . 2012-06-22 15:51 44056 ----a-w- c:windowssystem32wups2.dll

2012-06-02 22:19 . 2012-06-22 15:51 701976 ----a-w- c:windowssystem32wuapi.dll

2012-06-02 22:15 . 2012-06-22 15:51 2622464 ----a-w- c:windowssystem32wucltux.dll

2012-06-02 22:15 . 2012-06-22 15:51 99840 ----a-w- c:windowssystem32wudriver.dll

2012-06-02 21:19 . 2012-06-22 15:51 186752 ----a-w- c:windowssystem32wuwebv.dll

2012-06-02 21:15 . 2012-06-22 15:51 36864 ----a-w- c:windowssystem32wuapp.exe

2012-06-02 05:50 . 2012-07-12 03:11 458704 ----a-w- c:windowssystem32driverscng.sys

2012-06-02 05:48 . 2012-07-12 03:11 151920 ----a-w- c:windowssystem32driversksecpkg.sys

2012-06-02 05:48 . 2012-07-12 03:11 95600 ----a-w- c:windowssystem32driversksecdd.sys

2012-06-02 05:45 . 2012-07-12 03:11 340992 ----a-w- c:windowssystem32schannel.dll

2012-06-02 05:44 . 2012-07-12 03:11 307200 ----a-w- c:windowssystem32ncrypt.dll

2012-06-02 04:40 . 2012-07-12 03:11 22016 ----a-w- c:windowsSysWow64secur32.dll

2012-06-02 04:40 . 2012-07-12 03:11 225280 ----a-w- c:windowsSysWow64schannel.dll

2012-06-02 04:39 . 2012-07-12 03:11 219136 ----a-w- c:windowsSysWow64ncrypt.dll

2012-06-02 04:34 . 2012-07-12 03:11 96768 ----a-w- c:windowsSysWow64sspicli.dll

2012-05-30 16:08 . 2012-05-30 16:08 67176 ----a-w- c:windowsSysWow64pxfhwmcp.dll

2012-05-30 16:08 . 2012-05-30 16:08 136808 ----a-w- c:windowsSysWow64PCTIN50.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-10_21.25.10 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-08-10 21:16 . 2012-08-10 21:16 24928 c:windowsSysWOW64configsystemprofileAppDataRoamingSoftGrid ClientIcon Cacheicon_ex.dat

+ 2012-08-12 14:52 . 2012-08-12 14:52 24928 c:windowsSysWOW64configsystemprofileAppDataRoamingSoftGrid ClientIcon Cacheicon_ex.dat

+ 2009-07-14 05:10 . 2012-08-12 12:42 37634 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin

+ 2010-04-08 03:45 . 2012-08-12 12:42 25738 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-3737331042-1631840241-1494535839-1001_UserData.bin

+ 2009-07-14 04:46 . 2012-08-12 12:43 91680 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat

- 2012-08-10 21:18 . 2012-08-10 21:18 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-08-12 14:53 . 2012-08-12 14:53 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-08-12 14:53 . 2012-08-12 14:53 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2012-08-10 21:18 . 2012-08-10 21:18 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2009-07-14 04:54 . 2012-08-10 16:32 229376 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2009-07-14 04:54 . 2012-08-11 15:25 229376 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2009-07-14 05:01 . 2012-08-10 21:16 443156 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-12 14:52 443156 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2009-07-14 04:54 . 2012-08-10 16:32 4440064 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2009-07-14 04:54 . 2012-08-11 15:25 4440064 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:45 . 2012-07-14 16:32 7113171 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat

+ 2009-07-14 04:45 . 2012-08-12 12:42 7113171 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat

+ 2011-11-16 02:56 . 2012-08-12 12:38 1118632 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-3737331042-1631840241-1494535839-1001-12288.dat

- 2011-11-16 02:56 . 2012-08-04 14:21 1118632 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-3737331042-1631840241-1494535839-1001-12288.dat

- 2009-07-14 04:54 . 2012-08-10 16:32 10420224 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2009-07-14 04:54 . 2012-08-11 15:25 10420224 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2010-11-29 08:10 . 2012-08-12 14:52 41790728 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-3737331042-1631840241-1494535839-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEWow6432Node~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-09 20:15 2074208 ----a-w- c:program files (x86)AVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program files (x86)AVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll" [2012-07-09 2074208]

.

[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"swg"="c:program files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-12-17 39408]

"Akamai NetSession Interface"="c:usersMullowneyAppDataLocalAkamainetsession_win.exe" [2012-05-26 4327744]

"MobileDocuments"="c:program files (x86)Common FilesAppleInternet Servicesubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"LManager"="c:program files (x86)Launch ManagerLManager.exe" [2009-09-17 1157640]

"BackupManagerTray"="c:program files (x86)NewTech InfosystemsGateway MyBackupBackupManagerTray.exe" [2009-10-29 244480]

"VideoWebCamera"="c:program files (x86)VideoWebCameraVideoWebCamera.exe" [2009-07-28 1507448]

"RemoteControl8"="c:program files (x86)CyberLinkPowerDVD8PDVD8Serv.exe" [2009-04-16 91432]

"PDVD8LanguageShortcut"="c:program files (x86)CyberLinkPowerDVD8LanguageLanguage.exe" [2009-04-16 50472]

"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2012-04-05 2587008]

"BCSSync"="c:program files (x86)Microsoft OfficeOffice14BCSSync.exe" [2010-03-13 91520]

"ArcSoft Connection Service"="c:program files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe" [2010-10-28 207424]

"Monitor"="c:program files (x86)LeapFrogLeapFrog ConnectMonitor.exe" [2011-11-12 268640]

"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-02 843712]

"VMM Mode Selection"="c:program filesHTCModeSelectionVMMModeSelection.exe" [2011-02-14 43520]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-02-21 59240]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-01-18 254696]

"vProt"="c:program files (x86)AVG Secure Searchvprot.exe" [2012-07-09 1107552]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-03-27 421736]

"Sprint SmartView"="c:program files (x86)SprintSprint SmartViewSprintSV.exe" [2012-06-07 75368]

"HP Software Update"="c:program files (x86)HPHP Software UpdateHPWuSchd2.exe" [2011-05-10 49208]

.

c:usersNicoleAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

OpenOffice.org 3.2.lnk - c:program files (x86)OpenOffice.org 3programquickstart.exe [N/A]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

HP Digital Imaging Monitor.lnk - c:program files (x86)HPDigital Imagingbinhpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 135664]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-04 250056]

R3 bcm;WiMAX Network Adapter;c:windowssystem32DRIVERSdrxvi314_64.sys [2012-03-20 416000]

R3 bcmbusctr;WiMAX Bus Driver;c:windowssystem32DRIVERSBcmBusCtr_64.sys [2012-03-20 64000]

R3 CASprint;Sprint Con App Svc;c:program files (x86)SprintSprint SmartViewConAppsSvc.exe [2012-05-30 124520]

R3 FlyUsb;FLY Fusion;c:windowssystem32DRIVERSFlyUsb.sys [2008-04-01 24576]

R3 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 135664]

R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:windowssystem32DRIVERSHtcUsbMdmV64.sys [2010-03-08 121800]

R3 HtcVCom32;HTC Diagnostic Port;c:windowssystem32DRIVERSHtcVComV64.sys [2010-03-08 121800]

R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:windowssystem32DRIVERSbtblan.sys [2010-01-20 40320]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:program files (x86)Microsoft OfficeOffice14GROOVE.EXE [2011-06-12 31125880]

R3 motccgp;Motorola USB Composite Device Driver;c:windowssystem32DRIVERSmotccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:windowssystem32DRIVERSmotccgpfl.sys [2009-01-29 9216]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:program files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-01-10 4925184]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:windowssystem32PCTINDIS5X64.SYS [2010-08-05 43032]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:windowssystem32DriversRtsUStor.sys [2009-09-02 225280]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:progra~2VERIZO~1VZACCE~1SMSIVZAM5X64.SYS [2009-05-25 43032]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-04-08 1255736]

S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [2012-01-31 36944]

S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2009-07-09 55280]

S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [2012-03-19 383808]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904]

S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2012-02-14 193288]

S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2012-01-04 822624]

S2 ePowerSvc;Acer ePower Service;c:program filesGatewayGateway Power ManagementePowerSvc.exe [2009-10-29 844320]

S2 Greg_Service;GRegService;c:program files (x86)GatewayRegistrationGregHSRW.exe [2009-08-28 1150496]

S2 HsfXAudioService;HsfXAudioService;c:windowssystem32svchost.exe [2009-07-14 27136]

S2 MotoHelper;MotoHelper Service;c:program files (x86)MotorolaMotoHelperMotoHelperService.exe [2011-04-26 223088]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:program files (x86)NewTech InfosystemsGateway MyBackupIScheduleSvc.exe [2009-10-29 255744]

S2 NvtlService;NovaCore SDK Service;c:program files (x86)Novatel WirelessNovacoreServerNvtlSrvr.exe [2011-02-07 92504]

S2 NWHelper;Novatel Wireless Device Helper ;c:program files (x86)Novatel WirelessDriversNWHelper.exe [2011-03-16 270336]

S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2011-10-01 508776]

S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:program files (x86)SprintSprint SmartViewSwiCardDetect64.exe [2010-09-22 307568]

S2 UNS;Intel® Management & Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2009-09-30 2320920]

S2 Updater Service;Updater Service;c:program filesGatewayGateway UpdaterUpdaterService.exe [2009-07-04 240160]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:program files (x86)Common FilesAVG Secure SearchvToolbarUpdater11.2.0ToolbarUpdater.exe [2012-07-09 935008]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSavgidsfiltera.sys [2011-12-23 29776]

S3 CAXHWAZL;CAXHWAZL;c:windowssystem32DRIVERSCAXHWAZL.sys [2009-02-12 292864]

S3 HECIx64;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys [2010-02-27 158976]

S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [2011-08-23 317440]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-08-05 320040]

S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-12 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-05-07 00:01]

.

2012-08-12 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 03:58]

.

2012-08-12 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-04-08 03:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IAAnotif"="c:program files (x86)IntelIntel Matrix Storage Manageriaanotif.exe" [2009-10-13 186904]

"Acer ePower Management"="c:program filesGatewayGateway Power ManagementePowerTray.exe" [2009-10-29 822816]

"RtHDVCpl"="c:program filesRealtekAudioHDARAVCpl64.exe" [2009-10-20 8306208]

"SynTPEnh"="c:program files (x86)SynapticsSynTPSynTPEnh.exe" [bU]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2012-01-10 392984]

"Persistence"="c:windowssystem32igfxpers.exe" [2012-01-10 417560]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q

uLocal Page = c:windowssystem32blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n925l0454z1k5a4402y27q

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = <local>;192.168.*.*

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~2MICROS~1Office14ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program files (x86)Common FilesAVG Secure SearchViProtocolInstaller11.2.0ViProtocol.dll

FF - ProfilePath - c:usersMullowneyAppDataRoamingMozillaFirefoxProfiles1kpp5t6h.default

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - espn.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B86df5736-5c17-4a88-aae1-c35ffdcea91e%7D&mid=4d2b2db3286cdafc3124581446d14737-f118a8ae36c24207e6bdba77c1a93205f2b6f996&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-15%2009%3A33%3A23&sap=ku&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane30]

"Key"="ActionsPane3"

"Location"="c:Program Files (x86)Common FilesMicrosoft SharedVSTOActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0003AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program files (x86)Common FilesArcSoftConnection ServiceBinACService.exe

c:program files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

c:program files (x86)LeapFrogLeapFrog ConnectCommandService.exe

c:program files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

c:program files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe

c:program files (x86)MotorolaMotoHelperMotoHelperAgent.exe

c:windowsWLXPGSS.SCR

.

**************************************************************************

.

Completion time: 2012-08-12 09:11:16 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-12 15:11

ComboFix2.txt 2012-08-11 15:22

ComboFix3.txt 2012-08-10 21:41

.

Pre-Run: 368,010,403,840 bytes free

Post-Run: 367,943,016,448 bytes free

.

- - End Of File - - 6A4FF9251643D78345F82850B760505F
