17-Jul-2012, 12:54 AM
Trojan Dropper cmmi help

Hi, I faced a similar problem that other users have with Trojan Dropper cmmi. It seemed to knock out my firewall and AVG, shut down my internet at times and install random settings on my computer. I followed the instructions in other threads as closely as possible, but I can't read my ComboFix readout and don't know where to go from here. Here are my system specs and the readout. I'd appreciate any help!

Ozie

*************

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: AMD Phenom(tm) II X4 955 Processor, AMD64 Family 16 Model 4 Stepping 3
Processor Count: 4
RAM: 4095 Mb
Graphics Card: ATI Radeon HD 5450, 1024 Mb
Hard Drives: C: Total - 953766 MB, Free - 348041 MB; E: Total - 953867 MB, Free - 524445 MB;
Motherboard: BIOSTAR Group, TA785G3+
Antivirus: None

ComboFix 12-07-16.01 - Oz 07/16/2012 20:43:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2057 [GMT -7:00]
Running from: c:\users\Oz\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\Oz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DCC6BFF9-3238-4E17-A4FE-B0A9D994057E}.xps
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\install.rdf
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css
c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\crossriderapp3491@crossrider.com\skin\update.css
c:\users\Oz\Documents\~WRL3783.tmp
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~GLC0002.TMP
c:\windows\~GLC0003.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\~GLH0002.TMP
c:\windows\~GLH0003.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 04:02 . 2012-07-17 04:02 -------- d-----w- c:\users\MicrotelEuser\AppData\Local\temp
2012-07-17 04:02 . 2012-07-17 04:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 02:49 . 2012-07-17 02:49 -------- d-----w- c:\users\Oz\AppData\Roaming\IObit
2012-07-17 02:05 . 2012-07-17 02:05 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-17 01:38 . 2012-07-17 02:00 -------- d-----w- C:\FRST
2012-07-17 00:59 . 2012-07-17 00:59 -------- d-----w- c:\program files (x86)\ESET
2012-07-17 00:02 . 2012-07-17 00:09 -------- d-----w- c:\users\Oz\AppData\Local\NPE
2012-07-17 00:02 . 2012-07-17 00:02 -------- d-----w- c:\programdata\Norton
2012-07-15 12:39 . 2012-07-15 12:39 -------- d-----w- c:\users\Oz\AppData\Roaming\AVG2012
2012-07-15 12:37 . 2012-07-15 12:37 -------- d-----w- c:\users\Oz\AppData\Local\AVG Secure Search
2012-07-15 12:37 . 2012-07-15 12:37 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-15 12:25 . 2012-07-15 20:28 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-15 11:07 . 2012-07-15 11:40 -------- d-----w- c:\programdata\blekko toolbars
2012-07-15 10:29 . 2012-07-15 10:29 -------- d-----w- c:\users\Oz\AppData\Roaming\Malwarebytes
2012-07-15 10:29 . 2012-07-15 10:29 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 10:29 . 2012-07-15 10:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 10:29 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 10:07 . 2012-07-15 10:07 -------- d-----w- c:\users\Oz\AppData\Local\blekkotb_031
2012-07-15 10:07 . 2012-07-15 10:07 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-07-15 09:59 . 2012-07-15 20:05 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-15 09:47 . 2012-07-15 20:05 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-15 09:47 . 2012-05-11 18:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-15 09:46 . 2012-07-15 19:13 -------- d-----w- c:\programdata\PC Tools
2012-07-15 09:46 . 2012-07-15 09:46 -------- d-----w- c:\users\Oz\AppData\Roaming\TestApp
2012-07-15 09:26 . 2012-07-15 09:26 -------- d-----w- c:\users\Oz\AppData\Roaming\GetRightToGo
2012-07-14 23:25 . 2012-07-14 23:25 -------- d-----w- c:\users\Oz\AppData\Roaming\Macrovision
2012-07-14 19:43 . 2012-07-14 19:43 -------- d-----w- c:\users\Oz\AppData\Local\e-academy Inc
2012-07-14 19:43 . 2012-07-14 19:43 -------- d-----w- c:\users\Oz\AppData\Roaming\e-academy Inc
2012-07-13 11:31 . 2012-07-13 11:31 -------- d-----w- c:\program files (x86)\CDisplay
2012-07-09 02:57 . 2012-07-09 02:58 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-07-09 02:41 . 2012-07-09 02:41 -------- d-----w- c:\windows\SysWow64\xlive
2012-07-09 02:17 . 2012-07-09 02:46 -------- d-----w- c:\program files (x86)\BattleshipGame
2012-07-07 12:45 . 2012-07-07 12:45 -------- d-----w- c:\users\Oz\AppData\Local\Macromedia
2012-07-01 11:07 . 2012-07-01 11:07 -------- d-----w- c:\users\Oz\AppData\Local\Ironclad Games
2012-07-01 10:59 . 2012-07-01 10:59 -------- d-----w- c:\programdata\Ironclad Games
2012-06-27 03:45 . 2012-06-27 03:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-27 03:45 . 2012-06-27 03:45 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 03:45 . 2011-01-17 23:32 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-09 01:09 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:10 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-09 01:09 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-09 01:09 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-20 880496]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-10-01 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-08-28 273528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-05 311296]
.
c:\users\Oz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Oz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
R3 cpuz134;cpuz134;c:\users\Oz\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-18 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-22 45456]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
R4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-03-05 14136]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-26 270912]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-15 275832]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-15 140160]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-15 935008]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
S3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-04-23 52352]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2011-01-17 02:08]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 10:38]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 10:38]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918045763-3703067211-3577931710-1001Core.job
- c:\users\Oz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 22:13]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918045763-3703067211-3577931710-1001UA.job
- c:\users\Oz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 22:13]
.
2012-07-15 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://cnn.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\
FF - prefs.js: browser.startup.homepage - hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=C9B6266F5626EABB1F497E50029670BC&tbp=homepage
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5ca2350c-fbe8-4beb-a0b1-83a44998b861%7D&mid=520c811f1bb347d6b7bdd17921bc7d24-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-15%2005%3A37%3A25&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112553&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a8c7fbe90000000000000030675894d7
FF - user.js: extensions.BabylonToolbar_i.hardId - a8c7fbe90000000000000030675894d7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15504
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.174:39
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Star Trek Continuum - c:\program files (x86)\Sierra\Homeworld2\STC_Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
.
**************************************************************************
.
Completion time: 2012-07-16 21:11:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 04:11
.
Pre-Run: 365,001,695,232 bytes free
Post-Run: 366,244,749,312 bytes free
.
- - End Of File - - 98944724207E8EA55E20564101FDD87C