
Trojan Dropper cmmi help

Discussion in 'Virus & Other Malware Removal' started by Ozito90, Jul 17, 2012.

Ozito90 (Thread Starter)

    Hi,

    I faced a similar problem that other users have with Trojan Dropper cmmi. It seemed to knock out my firewall and AVG, shut down my internet at times and install random settings on my computer. I followed the instructions in other threads as closely as possible, but I can't read my ComboFix readout and don't know where to go from here.

    Here are my system specs and the readout.

    I'd appreciate any help!

    Ozie

    *************

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, 64 bit
    Processor: AMD Phenom(tm) II X4 955 Processor, AMD64 Family 16 Model 4 Stepping 3
    Processor Count: 4
    RAM: 4095 Mb
    Graphics Card: ATI Radeon HD 5450, 1024 Mb
    Hard Drives: C: Total - 953766 MB, Free - 348041 MB; E: Total - 953867 MB, Free - 524445 MB;
    Motherboard: BIOSTAR Group, TA785G3+
    Antivirus: None

    ComboFix 12-07-16.01 - Oz 07/16/2012 20:43:59.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2057 [GMT -7:00]
    Running from: c:\users\Oz\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\INSTALL.LOG
    c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\users\Oz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DCC6BFF9-3238-4E17-A4FE-B0A9D994057E}.xps
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome.manifest
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome\content\background.html
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome\content\browser.xul
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome\content\crossrider.js
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome\content\crossriderapi.js
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome\content\dialog.js
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome\content\options.js
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome\content\options.xul
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome\content\search_dialog.xul
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\chrome\content\update.html
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\defaults\preferences\prefs.js
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\install.rdf
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\locale\en-US\translations.dtd
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\button1.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\button2.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\button3.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\button4.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\button5.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\crossrider_statusbar.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\icon128.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\icon16.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\icon24.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\icon48.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\panelarrow-up.png
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\popup.css
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\popup.html
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\popup_binding.xml
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\skin.css
    c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\extensions\[email protected]\skin\update.css
    c:\users\Oz\Documents\~WRL3783.tmp
    c:\windows\~GLC0000.TMP
    c:\windows\~GLC0001.TMP
    c:\windows\~GLC0002.TMP
    c:\windows\~GLC0003.TMP
    c:\windows\~GLH0000.TMP
    c:\windows\~GLH0001.TMP
    c:\windows\~GLH0002.TMP
    c:\windows\~GLH0003.TMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-17 04:02 . 2012-07-17 04:02 -------- d-----w- c:\users\MicrotelEuser\AppData\Local\temp
    2012-07-17 04:02 . 2012-07-17 04:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-17 02:49 . 2012-07-17 02:49 -------- d-----w- c:\users\Oz\AppData\Roaming\IObit
    2012-07-17 02:05 . 2012-07-17 02:05 -------- d-----w- c:\programdata\AVG Secure Search
    2012-07-17 01:38 . 2012-07-17 02:00 -------- d-----w- C:\FRST
    2012-07-17 00:59 . 2012-07-17 00:59 -------- d-----w- c:\program files (x86)\ESET
    2012-07-17 00:02 . 2012-07-17 00:09 -------- d-----w- c:\users\Oz\AppData\Local\NPE
    2012-07-17 00:02 . 2012-07-17 00:02 -------- d-----w- c:\programdata\Norton
    2012-07-15 12:39 . 2012-07-15 12:39 -------- d-----w- c:\users\Oz\AppData\Roaming\AVG2012
    2012-07-15 12:37 . 2012-07-15 12:37 -------- d-----w- c:\users\Oz\AppData\Local\AVG Secure Search
    2012-07-15 12:37 . 2012-07-15 12:37 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-07-15 12:25 . 2012-07-15 20:28 -------- d-----w- c:\windows\system32\MpEngineStore
    2012-07-15 11:07 . 2012-07-15 11:40 -------- d-----w- c:\programdata\blekko toolbars
    2012-07-15 10:29 . 2012-07-15 10:29 -------- d-----w- c:\users\Oz\AppData\Roaming\Malwarebytes
    2012-07-15 10:29 . 2012-07-15 10:29 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-15 10:29 . 2012-07-15 10:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-15 10:29 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-15 10:07 . 2012-07-15 10:07 -------- d-----w- c:\users\Oz\AppData\Local\blekkotb_031
    2012-07-15 10:07 . 2012-07-15 10:07 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
    2012-07-15 09:59 . 2012-07-15 20:05 -------- d-----w- c:\program files (x86)\PC Tools
    2012-07-15 09:47 . 2012-07-15 20:05 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-07-15 09:47 . 2012-05-11 18:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-07-15 09:46 . 2012-07-15 19:13 -------- d-----w- c:\programdata\PC Tools
    2012-07-15 09:46 . 2012-07-15 09:46 -------- d-----w- c:\users\Oz\AppData\Roaming\TestApp
    2012-07-15 09:26 . 2012-07-15 09:26 -------- d-----w- c:\users\Oz\AppData\Roaming\GetRightToGo
    2012-07-14 23:25 . 2012-07-14 23:25 -------- d-----w- c:\users\Oz\AppData\Roaming\Macrovision
    2012-07-14 19:43 . 2012-07-14 19:43 -------- d-----w- c:\users\Oz\AppData\Local\e-academy Inc
    2012-07-14 19:43 . 2012-07-14 19:43 -------- d-----w- c:\users\Oz\AppData\Roaming\e-academy Inc
    2012-07-13 11:31 . 2012-07-13 11:31 -------- d-----w- c:\program files (x86)\CDisplay
    2012-07-09 02:57 . 2012-07-09 02:58 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2012-07-09 02:41 . 2012-07-09 02:41 -------- d-----w- c:\windows\SysWow64\xlive
    2012-07-09 02:17 . 2012-07-09 02:46 -------- d-----w- c:\program files (x86)\BattleshipGame
    2012-07-07 12:45 . 2012-07-07 12:45 -------- d-----w- c:\users\Oz\AppData\Local\Macromedia
    2012-07-01 11:07 . 2012-07-01 11:07 -------- d-----w- c:\users\Oz\AppData\Local\Ironclad Games
    2012-07-01 10:59 . 2012-07-01 10:59 -------- d-----w- c:\programdata\Ironclad Games
    2012-06-27 03:45 . 2012-06-27 03:45 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-27 03:45 . 2012-06-27 03:45 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-27 03:45 . 2011-01-17 23:32 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-02 22:19 . 2012-06-09 01:09 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-09 01:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-09 01:10 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-09 01:10 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-09 01:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-09 01:09 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-09 01:10 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-09 01:09 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-09 01:09 99840 ----a-w- c:\windows\system32\wudriver.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-20 880496]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
    "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-10-01 393216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-08-28 273528]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-05 311296]
    .
    c:\users\Oz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Oz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
    R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
    R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x]
    R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
    R3 cpuz134;cpuz134;c:\users\Oz\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-18 129976]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-22 45456]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736]
    R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
    R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
    R4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
    S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-03-05 14136]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-26 270912]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
    S2 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-15 275832]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-15 140160]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
    S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-15 935008]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
    S3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-04-23 52352]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-17 c:\windows\Tasks\AutoSmartDefrag.job
    - c:\program files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2011-01-17 02:08]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 10:38]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 10:38]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918045763-3703067211-3577931710-1001Core.job
    - c:\users\Oz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 22:13]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918045763-3703067211-3577931710-1001UA.job
    - c:\users\Oz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 22:13]
    .
    2012-07-15 c:\windows\Tasks\SidebarExecute.job
    - c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Oz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 2327952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://cnn.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 10.0.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Oz\AppData\Roaming\Mozilla\Firefox\Profiles\e1nmm6bg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=C9B6266F5626EABB1F497E50029670BC&tbp=homepage
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5ca2350c-fbe8-4beb-a0b1-83a44998b861%7D&mid=520c811f1bb347d6b7bdd17921bc7d24-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-07-15%2005%3A37%3A25&sap=ku&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112553&tt=060612_7_
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - a8c7fbe90000000000000030675894d7
    FF - user.js: extensions.BabylonToolbar_i.hardId - a8c7fbe90000000000000030675894d7
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15504
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.174:39
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
    Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
    HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    AddRemove-Star Trek Continuum - c:\program files (x86)\Sierra\Homeworld2\STC_Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-07-16 21:11:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-17 04:11
    .
    Pre-Run: 365,001,695,232 bytes free
    Post-Run: 366,244,749,312 bytes free
    .
    - - End Of File - - 98944724207E8EA55E20564101FDD87C
Short URL to this thread: https://techguy.org/1061362