Link to old thread:
http://www.techsupportforum.com/foru...ms-677954.html
With the holidays, etc., I have been really busy and unable to get back to you.
Anyway, ComboFix finally ran:
ComboFix 12-12-26.02 - Josh 12/26/2012 23:48:39.12.2 - x86 NETWORK
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3326.2728 [GMT -5:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-27 to 2012-12-27 )))))))))))))))))))))))))))))))
.
.
2012-12-27 06:09 . 2012-12-27 09:54 -------- d-----w- c:\users\Josh\AppData\Local\temp
2012-12-27 06:09 . 2012-12-27 06:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-18 00:29 . 2012-12-18 00:29 -------- d-----w- c:\users\Josh\AppData\Local\ElevatedDiagnostics
2012-12-17 11:23 . 2012-12-17 11:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DAEE3E2-B5B6-46DB-BB2E-C8FC78381405}\offreg.dll
2012-12-17 04:56 . 2012-12-17 04:56 -------- d-----w- c:\program files\Bitdefender
2012-12-17 04:52 . 2012-12-17 04:56 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-12-17 04:48 . 2012-12-17 05:00 -------- d-----w- c:\users\Josh\AppData\Roaming\QuickScan
2012-12-16 21:14 . 2012-12-16 21:14 -------- d-----w- c:\users\Josh\AppData\Local\WindowsUpdate
2012-12-16 01:30 . 2012-12-16 01:30 -------- d--h--w- c:\windows\msdownld.tmp
2012-12-16 01:30 . 2012-12-16 01:30 -------- d-----w- C:\Games
2012-12-15 05:04 . 2012-12-15 05:04 -------- d-----w- c:\program files\Common Files\Java
2012-12-15 05:03 . 2012-12-15 05:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-14 14:39 . 2012-12-14 14:39 -------- d-----w- c:\program files\Cisco
2012-12-14 14:38 . 2012-06-06 03:35 602216 ----a-r- c:\windows\system32\drivers\rtl8192cu.sys
2012-12-14 14:38 . 2009-03-31 19:31 380928 ----a-w- c:\windows\RtlUI2.exe
2012-12-14 14:38 . 2009-04-02 15:27 188416 ----a-w- c:\windows\system32\RTLExtUI.dll
2012-12-14 14:38 . 2008-07-01 17:31 614400 ----a-w- c:\windows\system32\Rtlihvs.dll
2012-12-14 14:37 . 2009-02-05 07:49 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2012-12-14 05:03 . 2012-12-14 05:03 -------- d-----w- C:\_OTL
2012-12-14 05:02 . 2012-12-14 05:02 -------- d-----w- c:\program files\ERUNT
2012-12-10 14:41 . 2012-12-10 14:41 -------- d-----w- c:\users\Josh\AppData\Local\PSREdit
2012-12-10 14:40 . 2012-12-10 14:40 -------- d-----w- c:\program files\PSREdit
2012-12-08 05:38 . 2012-12-08 05:38 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-08 05:38 . 2012-12-08 05:38 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-08 05:38 . 2012-01-18 17:15 2580552 ----a-w- c:\windows\system32\pbsvc.exe
2012-12-04 05:42 . 2012-12-04 05:42 -------- d--h--w- c:\windows\PIF
2012-12-04 05:41 . 2012-12-04 05:41 -------- d-----w- C:\Vageta
2012-12-03 19:41 . 2012-12-03 19:41 -------- d-----w- c:\users\Josh\AppData\Local\Google
2012-12-01 12:49 . 2012-12-15 05:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-01 12:49 . 2012-12-01 12:49 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2012-12-01 12:49 . 2012-12-01 12:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-01 12:49 . 2012-12-01 12:49 -------- d-----w- c:\programdata\Malwarebytes
2012-12-01 12:49 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 12:12 . 2012-11-28 12:12 -------- d-----w- c:\users\Josh\AppData\Local\ESN
2012-11-28 02:30 . 2012-11-28 12:08 -------- d-----w- c:\users\Josh\AppData\Local\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-22 18:39 . 2011-07-09 18:26 281152 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-16 21:49 . 2011-10-04 05:50 138904 ----a-w- c:\users\Josh\AppData\Roaming\PnkBstrK.sys
2012-12-15 05:02 . 2012-07-06 16:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-15 05:02 . 2011-06-09 15:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-01 23:02 . 2012-11-01 23:02 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-12 20:54 . 2011-07-09 18:26 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-10-09 00:15 . 2012-09-01 12:43 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 00:15 . 2011-06-09 15:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 18:24 . 2012-09-30 18:24 100864 ----a-w- C:\pwtdypow.sys
2007-07-24 23:03 . 2007-07-24 23:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2012-12-15 04:53 . 2012-09-07 21:18 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2012-04-16 67960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Motorola Application Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Motorola Application Launcher.lnk
backup=c:\windows\pss\Motorola Application Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GoZone iSync.lnk]
path=c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk
backup=c:\windows\pss\GoZone iSync.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Josh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 22:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 12:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 17:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2012-04-16 18:27 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-07 00:29 1354736 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2011-08-03 13:23 828944 ----a-w- c:\program files\TightVNC\tvnserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 00:15]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-01 23:59]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-01 23:59]
.
2012-12-25 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-07-30 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3rdwtslb.default\
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: 2012-12-16 23:48; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\3rdwtslb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-a0bfc337aef64d13362b0d8ff8a0c5f6 - c:\users\Josh\DOWNLO~1\GTS_SE~3.EXE
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
MSConfigStartUp-Google Update - c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
AddRemove-Aces High - c:\hitech~1\ACESHI~1\UNWISE.EXE
AddRemove-Backyard Baseball 2003 - c:\hegames\Baseball 2003\Uninst.isu
AddRemove-FreeWorkz - c:\program files\FreeWorkz\Uninstaller.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
AddRemove-{0C1DD35C-59F6-4292-9E61-823286BF31E1}_is1 - c:\program files\Shop To Win\unins000.exe
AddRemove-Uncompressor - c:\progra~1\UNCOMP~1\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-12-27 04:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(168)
c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-12-27 04:59:21
ComboFix-quarantined-files.txt 2012-12-27 09:59
.
Pre-Run: 51,517,628,416 bytes free
Post-Run: 87,545,225,216 bytes free
.
- - End Of File - - 28D91D228CAAF7E864B15B7898F6CD9E
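Added example for anyone triaging a log like the one above (this is not part of the original post and not ComboFix's own code): a small Python pass that parses the "Files Created" / "Find3M" file lines and the autorun lines (Run keys and the "ORPHANS REMOVED" list) and attaches review flags. The flag rules (executable directly under a drive root, .sys outside system32\drivers, autorun pointing into a user-writable path, 8.3 short-name components, autorun with a missing target) are this example's own triage assumptions; a hit means "look at this entry", not "this is malware". The sample lines are copied from the log in this thread.

```python
"""
Triage pass over ComboFix log lines (added example, not ComboFix code).

Parses the 'Files Created' / 'Find3M' file entries and the autorun
lines (Run keys and the 'ORPHANS REMOVED' list), then applies a few
review heuristics. The heuristics are this example's own assumptions
about what deserves a second look; a hit means 'check this entry',
not 'this is malware'.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# "2012-09-30 18:24 . 2012-09-30 18:24 100864 ----a-w- C:\pwtdypow.sys"
# "2012-12-04 05:41 . 2012-12-04 05:41 -------- d-----w- C:\Vageta"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# HKCU-Run-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
ORPHAN_LINE = re.compile(r"^(?P<key>\S+?-.+?) - (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com", ".pif")
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\programdata\\", "\\temp\\")
SHORT_NAME = re.compile(r"~\d")                              # 8.3 component such as DOWNLO~1
ROOT_FILE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)  # file directly under a drive root


@dataclass
class Entry:
    kind: str                      # "file" or "autorun"
    path: str
    created: str = ""
    size: Optional[int] = None
    is_dir: bool = False
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file or autorun line, None for anything else."""
    line = line.strip()
    m = FILE_LINE.match(line)
    if m:
        size = None if m["size"].startswith("-") else int(m["size"])
        return Entry("file", m["path"], m["created"], size, m["attrs"][0] == "d")
    m = RUN_LINE.match(line) or ORPHAN_LINE.match(line)
    if m:
        return Entry("autorun", m["path"])
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags (the heuristics are assumptions of this example)."""
    p = entry.path.lower()
    if entry.kind == "file" and not entry.is_dir and p.endswith(EXEC_EXT) and ROOT_FILE.match(p):
        entry.flags.append("exec-in-drive-root")
    if p.endswith(".sys") and "\\system32\\drivers\\" not in p:
        entry.flags.append("driver-outside-drivers-dir")
    if entry.kind == "autorun" and any(loc in p for loc in USER_WRITABLE):
        entry.flags.append("autorun-from-user-writable-path")
    if SHORT_NAME.search(p):
        entry.flags.append("8.3-short-name")
    if entry.kind == "autorun" and p == "(no file)":
        entry.flags.append("autorun-target-missing")
    return entry


def triage_log(lines: Iterable[str]) -> List[Entry]:
    """Parse every recognised line and run the heuristics over it."""
    return [triage(e) for e in map(parse_line, lines) if e is not None]


def flagged(lines: Iterable[str]) -> List[Entry]:
    """Only the entries that picked up at least one review flag."""
    return [e for e in triage_log(lines) if e.flags]


# Lines copied from the ComboFix log in this thread.
SAMPLE_LINES = [
    r"2012-12-27 06:09 . 2012-12-27 09:54 -------- d-----w- c:\users\Josh\AppData\Local\temp",
    r"2012-09-30 18:24 . 2012-09-30 18:24 100864 ----a-w- C:\pwtdypow.sys",
    r"2012-12-16 21:49 . 2011-10-04 05:50 138904 ----a-w- c:\users\Josh\AppData\Roaming\PnkBstrK.sys",
    r"2012-12-01 12:49 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]',
    r"HKCU-Run-AdobeBridge - (no file)",
    r"MSConfigStartUp-a0bfc337aef64d13362b0d8ff8a0c5f6 - c:\users\Josh\DOWNLO~1\GTS_SE~3.EXE",
    r"MSConfigStartUp-Google Update - c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe",
    "scan completed successfully",
]

if __name__ == "__main__":
    for e in flagged(SAMPLE_LINES):
        print(f"{e.kind:8} {', '.join(e.flags):50} {e.path}")
```

Run it against a whole ComboFix.txt by passing the file's lines to flagged(); the unflagged entries (Sidebar, the mbam.sys driver in its proper directory) drop out, and what is left is the short list to check by hand against the vendor, the file hash and the date it appeared.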