Hello, I would appreciate if somebody could take a look at these logs. Cleaned some stuff out with MBAM, and went ahead and ran Combofix but still had some google searches redirecting to some strange ip addresses. Changed the proxy setting from 127.0.0.1 to No Proxy or automatic in firefox and IE and the problem finally subsided. I ran GMER and nothing was found, and I have included MBAM, Combofix and DDS logs.
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.14.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
GTuomey :: 75S4LQ1-GTLT [administrator]
9/14/2012 8:01:13 PM
mbam-log-2012-09-14 (20-01-13).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322584
Time elapsed: 35 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ofaptc (Trojan.RedirRdll2.Gen) -> Data: "C:\Windows\System32\rundll32.exe" "C:\Users\GTuomey\AppData\Roaming\ofaptc.dll",VecAddFontMapper -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\GTuomey\AppData\Local\{59c2e666-b23d-69c2-70d8-cd1ff49882a6}\U\800000cb.@ (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Users\GTuomey\Downloads\pandora radio setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
(end)
ComboFix 12-09-14.03 - GTuomey 09/14/2012 23:08:47.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2455 [GMT -4:00]
Running from: c:\users\GTuomey\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\RadioRage_4j
c:\program files (x86)\RadioRage_4j\bar\1.bin\chrome\4jffxtbr.jar
c:\program files (x86)\RadioRage_4j\bar\2.bin\CHROME.MANIFEST
c:\program files (x86)\RadioRage_4j\bar\2.bin\chrome\4jffxtbr.jar
c:\program files (x86)\RadioRage_4j\bar\2.bin\INSTALL.RDF
c:\program files (x86)\RadioRage_4j\bar\2.bin\LOGO.BMP
c:\program files (x86)\RadioRage_4j\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\RadioRage_4j\bar\Message\COMMON.T8S
c:\program files (x86)\RadioRage_4j\bar\Settings\s_pid.dat
c:\program files (x86)\RadioRage_4jEI
c:\users\GTuomey\AppData\Roaming\nasofw.dll
c:\users\GTuomey\AppData\Roaming\pifap.dll
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 03:02 . 2012-09-15 03:02 -------- d-----w- c:\users\GTuomey\AppData\Local\Macromedia
2012-09-15 03:02 . 2012-09-15 03:02 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-15 00:10 . 2012-09-15 00:10 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-15 00:10 . 2012-09-15 00:10 -------- d-----w- c:\program files (x86)\Java
2012-09-15 00:08 . 2012-09-15 00:08 -------- d-----w- c:\programdata\McAfee
2012-09-04 19:17 . 2012-09-04 19:17 -------- d-----w- c:\users\GTuomey\AppData\Local\AVG Secure Search
2012-09-04 19:17 . 2012-09-04 19:17 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-04 19:16 . 2012-09-04 19:16 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-04 19:16 . 2012-09-04 19:16 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-04 19:16 . 2012-09-04 19:17 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-09-04 19:16 . 2012-09-04 19:16 -------- d--h--w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 03:02 . 2011-12-24 13:37 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-15 00:10 . 2011-06-16 09:19 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 21:04 . 2011-06-24 14:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 00:07 . 2011-06-27 18:22 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-11 00:07 . 2011-06-27 18:22 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-07-11 00:07 . 2011-06-27 18:22 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-30 12:36 . 2012-06-30 12:36 407104 ----a-w- c:\windows\SysWow64\mshflxgd.ocx
2012-06-30 12:36 . 2012-06-30 12:36 203976 ----a-w- c:\windows\SysWow64\richtx32.ocx
2012-06-30 12:36 . 2012-06-30 12:36 185344 ----a-w- c:\windows\SysWow64\wbem\framedyn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-04 19:16 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-09-04 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\SBEAgent\SBAMTray.exe" [2010-09-24 1332560]
"T-Mobile webConnect Manager"="c:\program files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" [2011-01-20 12800]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-04 1162848]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-09-04 1020512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files (x86)\Sunbelt Software\SBEAgent\SBAMSvc.exe [2010-09-24 2763080]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 250568]
R3 CATmobile;T-Mobile Con App Svc;c:\program files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [2010-12-22 118784]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-09-01 256000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_001.sys [2010-12-10 295424]
R3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_001.sys [2010-12-10 217856]
R3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_001.sys [2010-12-10 217856]
R3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_001.sys [2010-12-10 217856]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2010-12-22 43032]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TMobileRcAppSvc;T-Mobile RcApp Svc;c:\program files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [2010-12-22 114688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
R4 ZEvtSVC;ZEvtSVC;c:\progra~2\SAAZOD\zSCC\zEvtSVC.exe [2012-06-30 230216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-07-27 94296]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~2\SAAZOD\zRealTime\SAAZappr.exe SAAZappr [x]
S2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~2\SAAZOD\zRealTime\SAAZapsc.exe SAAZapsc [x]
S2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~2\SAAZOD\SAAZDPMACTL.exe [2009-06-13 81920]
S2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~2\SAAZOD\SAAZRemoteSupport.exe [2009-06-04 73728]
S2 SAAZScheduler;SAAZScheduler;c:\progra~2\SAAZOD\SAAZScheduler.exe [2011-06-24 77824]
S2 SAAZServerPlus;SAAZServerPlus;c:\progra~2\SAAZOD\SAAZServerPlus.exe [2009-04-30 77824]
S2 SAAZWatchDog;SAAZWatchDog;c:\progra~2\SAAZOD\SAAZWatchDog.exe [2009-06-04 81920]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 64600]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\SBEAgent\SBPIMSvc.exe [2010-09-24 181584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-09-04 927840]
S2 VZWConfigService;VZW Config Service;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\VZWMSConfig.exe [2010-12-10 172368]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;c:\windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys [2010-04-09 75776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 03:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418328]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"SBRegRebootCleaner"="c:\program files (x86)\Sunbelt Software\SBEAgent\SBRC.exe" [2010-09-24 197968]
"combofix"="c:\combofix\CF11816.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={0F170...f2b8d6623&lang=en&ds=ft011&pr=sa&d=2012-09-04 15:16&v=12.2.0.5&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03BE809A-A760-40B9-9633-B5ED43BAE437}: NameServer = 10.177.0.34 10.164.103.44
TCP: Interfaces\{16CD0C4C-88A4-4D8F-BFFF-395378065114}: NameServer = 10.177.0.34 10.164.103.44
TCP: Interfaces\{8A5A305E-D78E-40A3-888D-1BB419004099}: NameServer = 10.177.0.34 10.164.103.44
TCP: Interfaces\{D6F09853-2630-40A7-8BEE-351018943481}: NameServer = 10.177.0.34 10.164.103.44
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\GTuomey\AppData\Roaming\Mozilla\Firefox\Profiles\18bc85it.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
user_pref('extensions.dealply.partner', 'sft3');
user_pref('extensions.dealply.channel', 'sft3soft32');
user_pref('extensions.dealply.installId', 'v24300282177635938192472012090415162124');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '4');
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ravct - c:\users\GTuomey\AppData\Roaming\ravct.dll
Wow6432Node-HKCU-Run-dresng - c:\users\GTuomey\AppData\Roaming\dresng.dll
Wow6432Node-HKCU-Run-pifap - c:\users\GTuomey\AppData\Roaming\pifap.dll
Toolbar-Locked - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\progra~2\SAAZOD\zRealTime\SAAZappr.exe
c:\progra~2\SAAZOD\zRealTime\SAAZapsc.exe
c:\progra~2\SAAZOD\zRealTime\rtHlpDk.exe
c:\progra~2\SAAZOD\RMHLPDSK.exe
c:\progra~2\SAAZOD\zRealTime\rtdrHlpDk.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-09-14 23:16:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 03:16
.
Pre-Run: 261,998,809,088 bytes free
Post-Run: 261,262,036,992 bytes free
.
- - End Of File - - B8ED861D41EF9E9F63E92E73AE69D374
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/24/2011 9:33:25 AM
System Uptime: 9/16/2012 8:08:03 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 03PH4G
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 251.997 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP101: 9/14/2012 11:21:56 PM - ComboFix created restore point
RP102: 9/15/2012 12:28:55 AM - Removed Java(TM) 6 Update 24 (64-bit)
RP103: 9/15/2012 12:29:28 AM - Removed Java(TM) 6 Update 35
RP104: 9/15/2012 12:29:56 AM - Windows Update
.
==== Installed Programs ======================
.
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AppGraffiti
Automise Runtime 3.0.0.634
AVG Security Toolbar
BlackBerry USB Drivers
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink PowerDVD 9.5
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Webcam Central
Digital Line Detect
DirectX 9 Runtime
Intel(R) Identity Protection Technology 1.0.71.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
ITSupport247-DPMA
Junk Mail filter update
LogMeIn
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
Netwaiting
O2Micro Flash Memory Card Windows Driver
O2Micro OZ776 SCR Driver
PhotoShowExpress
RadioRage
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2345000)
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Sunbelt Enterprise Agent
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Verizon Mobile Broadband Drivers
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZSCC
.
==== Event Viewer Messages From Past Week ========
.
9/15/2012 8:23:45 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
9/14/2012 11:14:16 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
9/14/2012 11:13:09 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/14/2012 11:12:34 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/14/2012 11:08:46 PM, Error: Service Control Manager [7034] - The O2SDIOAssist service terminated unexpectedly. It has done this 1 time(s).
9/14/2012 11:04:25 PM, Error: Service Control Manager [7034] - The Intel(R) Identity Protection Technology Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.14.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
GTuomey :: 75S4LQ1-GTLT [administrator]
9/14/2012 8:01:13 PM
mbam-log-2012-09-14 (20-01-13).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322584
Time elapsed: 35 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ofaptc (Trojan.RedirRdll2.Gen) -> Data: "C:\Windows\System32\rundll32.exe" "C:\Users\GTuomey\AppData\Roaming\ofaptc.dll",VecAddFontMapper -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\GTuomey\AppData\Local\{59c2e666-b23d-69c2-70d8-cd1ff49882a6}\U\800000cb.@ (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Users\GTuomey\Downloads\pandora radio setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
(end)
ComboFix 12-09-14.03 - GTuomey 09/14/2012 23:08:47.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2455 [GMT -4:00]
Running from: c:\users\GTuomey\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\RadioRage_4j
c:\program files (x86)\RadioRage_4j\bar\1.bin\chrome\4jffxtbr.jar
c:\program files (x86)\RadioRage_4j\bar\2.bin\CHROME.MANIFEST
c:\program files (x86)\RadioRage_4j\bar\2.bin\chrome\4jffxtbr.jar
c:\program files (x86)\RadioRage_4j\bar\2.bin\INSTALL.RDF
c:\program files (x86)\RadioRage_4j\bar\2.bin\LOGO.BMP
c:\program files (x86)\RadioRage_4j\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\RadioRage_4j\bar\Message\COMMON.T8S
c:\program files (x86)\RadioRage_4j\bar\Settings\s_pid.dat
c:\program files (x86)\RadioRage_4jEI
c:\users\GTuomey\AppData\Roaming\nasofw.dll
c:\users\GTuomey\AppData\Roaming\pifap.dll
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 03:02 . 2012-09-15 03:02 -------- d-----w- c:\users\GTuomey\AppData\Local\Macromedia
2012-09-15 03:02 . 2012-09-15 03:02 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-15 00:10 . 2012-09-15 00:10 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-15 00:10 . 2012-09-15 00:10 -------- d-----w- c:\program files (x86)\Java
2012-09-15 00:08 . 2012-09-15 00:08 -------- d-----w- c:\programdata\McAfee
2012-09-04 19:17 . 2012-09-04 19:17 -------- d-----w- c:\users\GTuomey\AppData\Local\AVG Secure Search
2012-09-04 19:17 . 2012-09-04 19:17 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-04 19:16 . 2012-09-04 19:16 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-04 19:16 . 2012-09-04 19:16 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-04 19:16 . 2012-09-04 19:17 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-09-04 19:16 . 2012-09-04 19:16 -------- d--h--w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 03:02 . 2011-12-24 13:37 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-15 00:10 . 2011-06-16 09:19 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-07 21:04 . 2011-06-24 14:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 00:07 . 2011-06-27 18:22 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-11 00:07 . 2011-06-27 18:22 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-07-11 00:07 . 2011-06-27 18:22 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-30 12:36 . 2012-06-30 12:36 407104 ----a-w- c:\windows\SysWow64\mshflxgd.ocx
2012-06-30 12:36 . 2012-06-30 12:36 203976 ----a-w- c:\windows\SysWow64\richtx32.ocx
2012-06-30 12:36 . 2012-06-30 12:36 185344 ----a-w- c:\windows\SysWow64\wbem\framedyn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-04 19:16 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-09-04 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\SBEAgent\SBAMTray.exe" [2010-09-24 1332560]
"T-Mobile webConnect Manager"="c:\program files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" [2011-01-20 12800]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-04 1162848]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-09-04 1020512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SBAMSvc;VIPRE Enterprise Agent;c:\program files (x86)\Sunbelt Software\SBEAgent\SBAMSvc.exe [2010-09-24 2763080]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 250568]
R3 CATmobile;T-Mobile Con App Svc;c:\program files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [2010-12-22 118784]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-09-01 256000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_001.sys [2010-12-10 295424]
R3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_001.sys [2010-12-10 217856]
R3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_001.sys [2010-12-10 217856]
R3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_001.sys [2010-12-10 217856]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2010-12-22 43032]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TMobileRcAppSvc;T-Mobile RcApp Svc;c:\program files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [2010-12-22 114688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-24 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
R4 ZEvtSVC;ZEvtSVC;c:\progra~2\SAAZOD\zSCC\zEvtSVC.exe [2012-06-30 230216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-07-27 94296]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~2\SAAZOD\zRealTime\SAAZappr.exe SAAZappr [x]
S2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~2\SAAZOD\zRealTime\SAAZapsc.exe SAAZapsc [x]
S2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~2\SAAZOD\SAAZDPMACTL.exe [2009-06-13 81920]
S2 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~2\SAAZOD\SAAZRemoteSupport.exe [2009-06-04 73728]
S2 SAAZScheduler;SAAZScheduler;c:\progra~2\SAAZOD\SAAZScheduler.exe [2011-06-24 77824]
S2 SAAZServerPlus;SAAZServerPlus;c:\progra~2\SAAZOD\SAAZServerPlus.exe [2009-04-30 77824]
S2 SAAZWatchDog;SAAZWatchDog;c:\progra~2\SAAZOD\SAAZWatchDog.exe [2009-06-04 81920]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 64600]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\SBEAgent\SBPIMSvc.exe [2010-09-24 181584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-09-04 927840]
S2 VZWConfigService;VZW Config Service;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\VZWMSConfig.exe [2010-12-10 172368]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;c:\windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys [2010-04-09 75776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 03:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-03-04 21:12 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418328]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-15 6492672]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"SBRegRebootCleaner"="c:\program files (x86)\Sunbelt Software\SBEAgent\SBRC.exe" [2010-09-24 197968]
"combofix"="c:\combofix\CF11816.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={0F170...f2b8d6623&lang=en&ds=ft011&pr=sa&d=2012-09-04 15:16&v=12.2.0.5&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03BE809A-A760-40B9-9633-B5ED43BAE437}: NameServer = 10.177.0.34 10.164.103.44
TCP: Interfaces\{16CD0C4C-88A4-4D8F-BFFF-395378065114}: NameServer = 10.177.0.34 10.164.103.44
TCP: Interfaces\{8A5A305E-D78E-40A3-888D-1BB419004099}: NameServer = 10.177.0.34 10.164.103.44
TCP: Interfaces\{D6F09853-2630-40A7-8BEE-351018943481}: NameServer = 10.177.0.34 10.164.103.44
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\GTuomey\AppData\Roaming\Mozilla\Firefox\Profiles\18bc85it.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
user_pref('extensions.dealply.partner', 'sft3');
user_pref('extensions.dealply.channel', 'sft3soft32');
user_pref('extensions.dealply.installId', 'v24300282177635938192472012090415162124');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '4');
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ravct - c:\users\GTuomey\AppData\Roaming\ravct.dll
Wow6432Node-HKCU-Run-dresng - c:\users\GTuomey\AppData\Roaming\dresng.dll
Wow6432Node-HKCU-Run-pifap - c:\users\GTuomey\AppData\Roaming\pifap.dll
Toolbar-Locked - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\progra~2\SAAZOD\zRealTime\SAAZappr.exe
c:\progra~2\SAAZOD\zRealTime\SAAZapsc.exe
c:\progra~2\SAAZOD\zRealTime\rtHlpDk.exe
c:\progra~2\SAAZOD\RMHLPDSK.exe
c:\progra~2\SAAZOD\zRealTime\rtdrHlpDk.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-09-14 23:16:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 03:16
.
Pre-Run: 261,998,809,088 bytes free
Post-Run: 261,262,036,992 bytes free
.
- - End Of File - - B8ED861D41EF9E9F63E92E73AE69D374
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/24/2011 9:33:25 AM
System Uptime: 9/16/2012 8:08:03 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 03PH4G
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 251.997 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP101: 9/14/2012 11:21:56 PM - ComboFix created restore point
RP102: 9/15/2012 12:28:55 AM - Removed Java(TM) 6 Update 24 (64-bit)
RP103: 9/15/2012 12:29:28 AM - Removed Java(TM) 6 Update 35
RP104: 9/15/2012 12:29:56 AM - Windows Update
.
==== Installed Programs ======================
.
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AppGraffiti
Automise Runtime 3.0.0.634
AVG Security Toolbar
BlackBerry USB Drivers
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink PowerDVD 9.5
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Webcam Central
Digital Line Detect
DirectX 9 Runtime
Intel(R) Identity Protection Technology 1.0.71.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
ITSupport247-DPMA
Junk Mail filter update
LogMeIn
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
Netwaiting
O2Micro Flash Memory Card Windows Driver
O2Micro OZ776 SCR Driver
PhotoShowExpress
RadioRage
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2345000)
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Sunbelt Enterprise Agent
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Verizon Mobile Broadband Drivers
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZSCC
.
==== Event Viewer Messages From Past Week ========
.
9/15/2012 8:23:45 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
9/14/2012 11:14:16 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
9/14/2012 11:13:09 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/14/2012 11:12:34 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/14/2012 11:08:46 PM, Error: Service Control Manager [7034] - The O2SDIOAssist service terminated unexpectedly. It has done this 1 time(s).
9/14/2012 11:04:25 PM, Error: Service Control Manager [7034] - The Intel(R) Identity Protection Technology Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================