Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Trojan horse Dropper.Generic_c.MMI Virus help


(!)

Mark1956's Avatar
Malware Removal Specialist with 12,433 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
25-Jul-2012, 01:27 AM #16
Ok, please repeat the run of Combofix and make sure nobody touches the system while it is running.
Ibster's Avatar
Ibster Ibster is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
26-Jul-2012, 05:43 PM #17
ComboFix 12-07-21.01 - Family 07/26/2012 18:33:30.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2733 [GMT -3:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
Command switches used :: c:\users\Family\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Common Files\Spigot\GC\coupons_2.0.crx
c:\program files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.0.crx
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\wth.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome\content\listener.js
c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome\content\listener.xul
c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome\content\shared.jsm
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files (x86)\Common Files\Spigot\wtxpcom\install.rdf
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome.manifest
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\chrome.jar
c:\program files (x86)\YouTube Downloader Toolbar\FF\install.rdf
c:\program files (x86)\YouTube Downloader Toolbar\IE\6.1\config.ini
c:\program files (x86)\YouTube Downloader Toolbar\IE\6.1\youtubedownloaderToolbarIE.dll
c:\program files (x86)\YouTube Downloader Toolbar\Res\amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dailymotion.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\facebook.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\googleplus.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\hulu.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\icon_settings.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1031.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1033.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1034.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1036.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1040.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\metacafe.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radio-close.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radio-minimize.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radiobeta.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-button-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-button.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-chevron.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_baidu.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_yahoo.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_yandex.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\twitter.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\veoh.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\widgets.xml
c:\program files (x86)\YouTube Downloader Toolbar\Res\youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd_logo.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd_logo_hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\WidgiHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 21:34 . 2012-07-26 21:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-26 21:34 . 2012-07-26 21:34 -------- d-----w- c:\users\UpdatusUser.Family-PC\AppData\Local\temp
2012-07-26 21:34 . 2012-07-26 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 02:26 . 2012-07-24 02:26 -------- d-----w- c:\program files (x86)\Application Updater
2012-07-23 17:20 . 2012-07-23 17:20 -------- d-----w- c:\program files (x86)\ESET
2012-07-10 00:28 . 2012-07-10 00:28 -------- d-----w- c:\windows\SysWow64\athan
2012-07-10 00:27 . 2012-07-10 00:28 -------- d-----w- c:\program files (x86)\Athan
2012-07-10 00:21 . 2012-07-10 00:21 -------- d-----w- c:\windows\Ela-Salaty
2012-07-10 00:21 . 2012-07-10 00:28 -------- d-----w- c:\program files (x86)\Ela-Salaty
2012-07-03 02:07 . 2012-07-03 02:07 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2012-07-03 02:07 . 2012-07-03 02:07 -------- d-----w- c:\program files (x86)\GreenTree Applications
2012-07-02 17:47 . 2012-07-14 01:15 -------- d-----w- C:\lyna
2012-07-01 19:56 . 2012-07-01 19:56 -------- d-----w- c:\users\Family\AppData\Local\ZellinTECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 14:12 . 2012-03-29 23:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 14:12 . 2011-05-22 19:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 12:50 . 2011-04-02 21:48 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 14:20 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 14:20 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:20 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:20 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 14:20 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:20 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 18:19 . 2012-06-21 14:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 18:15 . 2012-06-21 14:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 02:47 . 2012-06-14 12:44 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-14 12:44 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-14 12:44 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-14 12:44 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-14 12:44 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-14 12:44 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-14 12:44 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-14 12:44 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-14 12:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-14 12:44 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-14 12:44 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-14 12:44 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-14 12:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-14 12:44 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-14 12:44 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-14 12:44 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-14 12:44 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-14 12:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-14 12:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 10:48 . 2012-05-22 19:37 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:37 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:37 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:37 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:37 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-22 19:37 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:37 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:37 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:37 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-22 19:37 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 19:37 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-22 19:37 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:37 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-02-10 01:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-10 01:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-10 01:43 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-02-10 01:43 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-05-21 09:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-02-23 15:28 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-06-10 20:37 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2011-11-05 13:34 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-11-05 13:34 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-11-05 13:34 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-11-05 13:34 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-11-05 13:34 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 05:21 . 2012-05-15 05:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-15 01:32 . 2012-06-14 12:43 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 11:06 . 2012-06-14 12:43 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-14 12:43 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-14 12:43 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 12:43 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-14 12:43 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-14 12:43 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 05:32 . 2012-06-14 12:43 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-14 12:43 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_14.36.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-25 00:57 48560 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-25 00:57 38178 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-02 20:51 . 2012-07-25 00:57 12136 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-92979068-4087393340-3763839359-1000_UserData.bin
- 2011-04-02 20:44 . 2012-07-13 10:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2011-04-02 20:44 . 2012-07-25 00:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2011-04-02 20:44 . 2012-07-25 00:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2011-04-02 20:44 . 2012-07-13 10:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-25 00:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 10:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2012-07-24 02:26 . 2012-07-24 02:26 53248 c:\windows\Installer\{6B1907E6-1CF2-4B54-A0A7-E880927FDCE6}\ARPPRODUCTICON.exe
+ 2012-07-26 21:36 . 2012-07-26 21:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 14:36 . 2012-07-23 14:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 21:36 . 2012-07-26 21:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 14:36 . 2012-07-23 14:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-21 09:05 . 2012-07-25 00:56 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2012-07-21 09:05 . 2012-07-23 14:20 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2011-04-03 06:00 . 2012-07-25 11:38 291216 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-07-21 00:47 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 20:06 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 20:06 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-21 00:47 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-07-13 10:12 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-07-25 00:44 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-07-26 21:34 482824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-23 14:34 482824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-23 14:20 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-25 00:56 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-25 00:56 5210112 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 14:20 5210112 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2011-04-26 19:41 . 2012-07-23 15:25 8511156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-92979068-4087393340-3763839359-1000-12288.dat
+ 2012-07-24 02:26 . 2012-07-24 02:26 4429312 c:\windows\Installer\253eaa1.msi
+ 2012-07-25 10:33 . 2012-07-25 10:33 7931392 c:\windows\Installer\211600c.msi
+ 2011-04-02 22:05 . 2012-07-26 21:34 47344282 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-92979068-4087393340-3763839359-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"cdloader"="c:\users\Family\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-10 3077528]
"Akamai NetSession Interface"="c:\users\Family\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Athan"="c:\program files (x86)\Athan\Athan.exe" [2011-11-20 1204224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-14 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc. sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 108296]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 19720]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 144648]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 126216]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 123656]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-19 792512]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-02-13 411136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 16:51]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 16:51]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-92979068-4087393340-3763839359-1000Core.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 16:51]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-92979068-4087393340-3763839359-1000UA.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 16:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.imesh.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\d99poas6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_Ac tiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-07-26 18:41:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 21:41
ComboFix2.txt 2012-07-23 14:41
.
Pre-Run: 84,502,839,296 bytes free
Post-Run: 84,444,377,088 bytes free
.
- - End Of File - - A5758E343085E8A9D59C109FBD6BE943
Mark1956's Avatar
Malware Removal Specialist with 12,433 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
27-Jul-2012, 12:55 AM #18
Reduced Functionality Mode is showing at the top of the log, this usually indicates that it has been run in Safe Mode. Any reason why you did that?

Please run it again in Normal Mode with the same instructions.
Ibster's Avatar
Ibster Ibster is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
27-Jul-2012, 11:14 AM #19
Combofix said that it was out of date and offered Reduced Functionality Mode, and I used it. I updated Combofix, and got this log:

ComboFix 12-07-27.03 - Family 07/27/2012 11:40:31.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2372 [GMT -3:00]
Running from: c:\users\Family\Desktop\ComboFix.exe
Command switches used :: c:\users\Family\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\5 Info_GATES\2 BALANCES\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\5 Info_GATES\2 BALANCES\5 GAS Balances\Store_Expense\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\5 Info_GATES\2 BALANCES\Commissions+TTs\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\5 Info_GATES\2 BALANCES\Kadiki\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\Accent_Najeeb\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\China_Vehicles\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\China_Vehicles\4WD Pickup\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\China_Vehicles\Pickup_China \_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\Coaster_Najeeb\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\Corolla 300_Tunsi\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\Hiace+Innova_Najeeb\_deskto p.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\Hyundai\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\Landcruiser Pickup\Land Cruiser\_desktop.ini
c:\gas\GAS_2012-05-13\1 Biz_GAS_2011\8 Dead Biz\X_Drive\Tunsi_Biz\Volvo_Tunsi\Z_Store_Tunsi\Lexus_Avalon\_desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 14:51 . 2012-07-27 14:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-27 14:51 . 2012-07-27 14:51 -------- d-----w- c:\users\UpdatusUser.Family-PC\AppData\Local\temp
2012-07-27 14:51 . 2012-07-27 14:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 02:26 . 2012-07-24 02:26 -------- d-----w- c:\program files (x86)\Application Updater
2012-07-23 17:20 . 2012-07-23 17:20 -------- d-----w- c:\program files (x86)\ESET
2012-07-10 00:28 . 2012-07-10 00:28 -------- d-----w- c:\windows\SysWow64\athan
2012-07-10 00:27 . 2012-07-10 00:28 -------- d-----w- c:\program files (x86)\Athan
2012-07-10 00:21 . 2012-07-10 00:21 -------- d-----w- c:\windows\Ela-Salaty
2012-07-10 00:21 . 2012-07-10 00:28 -------- d-----w- c:\program files (x86)\Ela-Salaty
2012-07-03 02:07 . 2012-07-03 02:07 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2012-07-03 02:07 . 2012-07-03 02:07 -------- d-----w- c:\program files (x86)\GreenTree Applications
2012-07-02 17:47 . 2012-07-14 01:15 -------- d-----w- C:\lyna
2012-07-01 19:56 . 2012-07-01 19:56 -------- d-----w- c:\users\Family\AppData\Local\ZellinTECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 14:12 . 2012-03-29 23:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 14:12 . 2011-05-22 19:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 12:50 . 2011-04-02 21:48 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 14:20 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 14:20 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:20 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:20 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 14:20 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:20 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 18:19 . 2012-06-21 14:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 18:15 . 2012-06-21 14:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 02:47 . 2012-06-14 12:44 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-14 12:44 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-14 12:44 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-14 12:44 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-14 12:44 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-14 12:44 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-14 12:44 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-14 12:44 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-14 12:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-14 12:44 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-14 12:44 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-14 12:44 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-14 12:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-14 12:44 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-14 12:44 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-14 12:44 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-14 12:44 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-14 12:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-14 12:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 10:48 . 2012-05-22 19:37 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:37 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:37 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:37 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:37 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-22 19:37 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:37 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:37 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:37 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-22 19:37 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 19:37 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-22 19:37 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:37 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-02-10 01:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-10 01:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-10 01:43 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-02-10 01:43 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-05-21 09:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-02-23 15:28 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-06-10 20:37 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2011-11-05 13:34 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-11-05 13:34 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-11-05 13:34 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-11-05 13:34 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-11-05 13:34 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 05:21 . 2012-05-15 05:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-15 01:32 . 2012-06-14 12:43 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 11:06 . 2012-06-14 12:43 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-14 12:43 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-14 12:43 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 12:43 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-14 12:43 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-14 12:43 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"cdloader"="c:\users\Family\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-10 3077528]
"Akamai NetSession Interface"="c:\users\Family\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Athan"="c:\program files (x86)\Athan\Athan.exe" [2011-11-20 1204224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-14 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc. sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 108296]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 19720]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 144648]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 126216]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 123656]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-19 792512]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-02-13 411136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 16:51]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 16:51]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-92979068-4087393340-3763839359-1000Core.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 16:51]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-92979068-4087393340-3763839359-1000UA.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 16:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.imesh.net
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\d99poas6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Athan - c:\windows\iun6002.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_Ac tiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 12:05:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 15:05
ComboFix2.txt 2012-07-26 21:41
.
Pre-Run: 108,130,525,184 bytes free
Post-Run: 108,053,606,400 bytes free
.
- - End Of File - - FFA3496A33B815823EA25B98C9F66158
Mark1956's Avatar
Malware Removal Specialist with 12,433 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
27-Jul-2012, 01:30 PM #20
Quote:
Combofix said that it was out of date and offered Reduced Functionality Mode, and I used it. I updated Combofix, and got this log:
We live and learn, I've only ever seen it run in reduced functionality when used in safe mode. Well done for figuring it out.

As you can see, Combofix has removed more of the files from your other user. Considering the detections by both Combofix and Eset I would be suspicious of what they have on your PC, especially taking into account the pirated software found in one of their files. You have uTorrent on the system and I suspect that is what was used to download that pirated software. Using P2P file sharing networks is the easiest way to get a system infected and I would think it quite likely that is how your system got a Rootkit infection.

I would recommend that you take a chunk of hard drive space and create your own partition and reinstall Windows on it as a dual boot with a good strong password. This will give you your own seperate system which will no longer be infected by someone elses unsafe use of the PC.

That being said there is still a little more work to do before we can rap this up.

Your Java and Adobe installs are out of date which is a security risk, please follow these instructions to do the updates. You also have an old version of Google that should be removed. We will follow that by cleaning up the tools used and that will be it, please wait for the instructions as Combofix needs to be uninstalled in a specific manner.

Adobe
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

Adobe Flash Player 9

NOTE: For XP click on > Control Panel, double-click on Add or Remove Programs and continue as above.
Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for for the Adobe product that was just removed.



You will now see a page similar to this one:



All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

_______________________________________________________________


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java and update.
How to update Java:
Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement.
End user licence agreement
First uninstall all existing versions of Java.
  • Go to Start > Control Panel double-click on Add/Remove programs (or Programs and Features) and click on any item with Java, Java(TM), JRE or J2SE in the name.
  • Click the Uninstall, Remove or Change/Remove button and allow it to uninstall.
  • If a User Account Control warning appears click on Allow.
  • Repeat as many times as necessary to remove each and every item.
  • Reboot your computer once all Java components are removed.
NOTE: If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below, but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?. If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.

How to install the latest version.
  • Open the browser that you normally use and click on this link: Java Download
  • Click on the big red button Free Java Download
  • On the next page click on the big red button Agree and Start Free Download
  • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
  • When the Welcome to Java window appears click on Install.
  • It may takes several minutes to download the installer depending on the speed of your connection, allow it to complete.
  • If any error messages appear click on OK and then click on the Agree and start free download button again.
  • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
  • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
  • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
  • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
  • The Installation is now complete, please reboot the system.
  • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.

_______________________________________________________________
Please go into Programs and Features via the Control Panel and uninstall this:

Google Chrome 20.0.1132.47
Please make sure you select the correct entry by checking the numbers that follow the name.

Last edited by Mark1956; 27-Jul-2012 at 01:37 PM..
Ibster's Avatar
Ibster Ibster is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
27-Jul-2012, 03:36 PM #21
There was no google chrome with those numbers; I only found Google Chrome 20.0.1132.57, so I didn't uninstall it. I got everything else done.
Mark1956's Avatar
Malware Removal Specialist with 12,433 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
28-Jul-2012, 01:05 AM #22
Ok, you did the right thing with Google, I'm not sure how or why Security Check showed an older version, but not to worry.

Please continue with these instructions and we are nearly done.

To re-enable your CD Emulation drivers if you disabled them, double click DeFogger.exe to run the tool again.
  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine...click OK.
To uninstall ComboFix, press the WINKEY + R keys on your keyboard or click on Start , type Run into the search box and hit Enter.
In the Run box type: ComboFix /Uninstall (Be sure to leave a space before the forward slash).
  • Click on OK.
  • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
  • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
  • When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
  • After that, you can delete the ComboFix.exe program from your computer (Desktop).
Next
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose Run as Administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

Please post back when this is complete and let me know if you have had any problems.
Ibster's Avatar
Ibster Ibster is offline
Member with 13 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
28-Jul-2012, 10:59 AM #23
I have done as you said. Everything went fine, and everything is working fine. Thank you very much for your assistance, especially as a volunteer. I will now mark this as solved.
Mark1956's Avatar
Malware Removal Specialist with 12,433 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
28-Jul-2012, 12:53 PM #24
Yup, that's it, we are done and you're welcome.

I shall just leave you with some security advice to help keep your PC better protected.
Please feel free to post back if you have any remaining issues or concerns.

There are many places where you will find security advice, but most are biased towards a particuler item of software that they are trying to promote. I have given some unbiased advice below that shoud help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would be the only way out.

Some additional security measures.
If your present security software does not include a third party Firewall or AntiSpyware.
Go Here for a selection of third party Firewalls.
Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

WOT (Web OF Trust) Will warn you (in most cases) about dangerous web sites.

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular"among criminals.

WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.

Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the systems registry and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
beginner, dropper.generic_c.mmi, infection, trojan horse, virus

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑