Possible Virus Infection [Closed]

  • This topic is locked

#16
feetishes

    Member

  • Topic Starter
  • 49 posts
Greetings

I noticed that upon reboot AVG issued another prompt, but it appeared after the Google Drive icon was syncing down in the lower right of my desktop. Is it possible that Google Drive is causing the problem?! Here is the ComboFix log below.

ComboFix 12-09-11.01 - John 09/11/2012 5:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2446 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\_ctypes.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\_elementtree.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\_hashlib.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\_socket.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\_ssl.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\pyexpat.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\pysqlite2._sqlite.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\python26.dll
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\pythoncom26.dll
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\PyWinTypes26.dll
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\select.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\unicodedata.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\win32api.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\win32com.shell.shell.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\win32crypt.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\win32event.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\win32file.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\win32inet.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\win32pdh.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\win32process.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\windows._cacheinvalidation.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wx._controls_.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wx._core_.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wx._gdi_.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wx._html2.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wx._misc_.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wx._windows_.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wx._wizard.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wxbase293u_net_vc.dll
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wxbase293u_vc.dll
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wxmsw293u_adv_vc.dll
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wxmsw293u_core_vc.dll
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wxmsw293u_html_vc.dll
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\wxmsw293u_webview_vc.dll
c:\documents and settings\All Users\Application Data\281857412B.sys
c:\documents and settings\John\Local Settings\Temp\_MEI8042\_ctypes.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\_elementtree.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\_hashlib.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\_socket.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\_ssl.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\pyexpat.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\pysqlite2._sqlite.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\python26.dll
c:\documents and settings\John\Local Settings\Temp\_MEI8042\pythoncom26.dll
c:\documents and settings\John\Local Settings\Temp\_MEI8042\PyWinTypes26.dll
c:\documents and settings\John\Local Settings\Temp\_MEI8042\select.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\unicodedata.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\win32api.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\win32com.shell.shell.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\win32crypt.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\win32event.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\win32file.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\win32inet.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\win32pdh.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\win32process.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\windows._cacheinvalidation.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wx._controls_.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wx._core_.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wx._gdi_.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wx._html2.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wx._misc_.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wx._windows_.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wx._wizard.pyd
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wxbase293u_net_vc.dll
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wxbase293u_vc.dll
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wxmsw293u_adv_vc.dll
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wxmsw293u_core_vc.dll
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wxmsw293u_html_vc.dll
c:\documents and settings\John\Local Settings\Temp\_MEI8042\wxmsw293u_webview_vc.dll
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20100423150458_zhaopin100423jiao15s.gif
c:\favoritevideo\InvisibleFolder\20100610144608_ppliveshijiebei100610zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100610145021_pplivenvziwangqiu100610zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100624181647_nvziwangqiu100624zhu5s.swf
c:\favoritevideo\InvisibleFolder\20100628181546_tengfei100628zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100803185733_pptvhuiyuan100803zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100810151259_taobao100811zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100813174225_jingji100813zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100823123139_jiaotongyinhang100823zhu15sps.swf
c:\favoritevideo\InvisibleFolder\20100823123256_jiaotongyinhang100823zhu15sgm.swf
c:\favoritevideo\InvisibleFolder\20100827103211_kubiwang100827zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100827103852_kubiwang100827zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100827173422_huiyuan100828zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100901182509_wanmei100902zantingjingzhi.jpg
c:\favoritevideo\InvisibleFolder\20100901182638_wanmei100902zantingqiaokeli.jpg
c:\favoritevideo\InvisibleFolder\20100902112801_honglou100902jiao15s.jpg
c:\favoritevideo\InvisibleFolder\20100902135544_wanmeichujdonggan100902zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100902140340_wanmeichujiwugu100902zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100902140719_wanmeitanlidanbaiA100902zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100902140939_wammeitanlidanbaiB100902zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100902141214_wanmeigelishuang100902zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100902152917_wanmeichujitanli100902zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100902163248_jingji100902zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100906103744_kadang100906zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100906123518_wanmeiqiaokeli100906cha15s.jpg
c:\favoritevideo\InvisibleFolder\20100906123648_wanmeijinzhitanli100906cha15s.jpg
c:\favoritevideo\InvisibleFolder\20100906123846_wanmeichunjitanli100906cha15s.jpg
c:\favoritevideo\InvisibleFolder\20100906124028_wanmeichunjiwugu100906cha15s.jpg
c:\favoritevideo\InvisibleFolder\20100906124232_wanmeichunjidonggan10906cha15s.jpg
c:\favoritevideo\InvisibleFolder\20100906124518_wanmeiggelishuang100906cha15s.jpg
c:\favoritevideo\InvisibleFolder\20100909114908_fenghuasangu100909bkqipao.swf
c:\favoritevideo\InvisibleFolder\20100910172054_huiyuan100910zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100914181157_mingchao100915zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100916185658_tianjin100917qipao15s1.swf
c:\favoritevideo\InvisibleFolder\20100916190507_tianjinyiqi100916zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100916190713_tianjinyiqi100916zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100916190835_tianjinyiqi100916cha15s.swf
c:\favoritevideo\InvisibleFolder\20100920164829_fanrenxiuzhen100920bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20100925200642_yaowan100926qipao.swf
c:\favoritevideo\InvisibleFolder\20100927162041_woyiwang100927zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100927181146_datangwushuang101002zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100928140355_kuowang100928zhu5s.swf
c:\favoritevideo\InvisibleFolder\20100929205012_tianxia100930zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100930152150_pptv100930zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100930152231_pptv100930zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100930162615_kunlun101001zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101002193837_wopaiwang101002zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101003223209_tianxiaer101005zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101003224436_tianxiaer101010zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101008131324_xinkuaibao101011zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20101009120216_baojie101009zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20101009155744_huiyuan101009haiwai.swf
c:\favoritevideo\InvisibleFolder\20101012175740_xunyou101014bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20101013145830_huiyuan101013zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20101013220321_guangfayinghang101013zhu8s.swf
c:\favoritevideo\InvisibleFolder\20101014112335_beinasong101014zanting15slehuo.swf
c:\favoritevideo\InvisibleFolder\20101014112623_beinasong101014zanting15smenhu.swf
c:\favoritevideo\InvisibleFolder\20101014112818_beinasong101014zanting15speisong.swf
c:\favoritevideo\InvisibleFolder\20101014114314_menghuanxiuxian101014zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101014121155_haoya101014hanmierdun.swf
c:\favoritevideo\InvisibleFolder\20101014121336_haoya101014shawa.swf
c:\favoritevideo\InvisibleFolder\20101014121454_haoya101014wz.swf
c:\favoritevideo\InvisibleFolder\20101014121609_haoya101014ldhm.swf
c:\favoritevideo\InvisibleFolder\20101014121722_haoya101014wzsw.swf
c:\favoritevideo\InvisibleFolder\20101014160145_sasa101014jiao15s1.swf
c:\favoritevideo\InvisibleFolder\20101015105850_huiyuantvb101019zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101015114711_zhongqingbao101020bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20101015114927_huiyuan101015zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101015151510_taobao101017zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101015151659_taobao101017zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101015151909_taobao101017cha15s.swf
c:\favoritevideo\InvisibleFolder\20101015174435_wanmei101015zhu15sqiaokeli.swf
c:\favoritevideo\InvisibleFolder\20101015174558_wanmei101015zhu15sjinzhitanli.swf
c:\favoritevideo\InvisibleFolder\20101015174704_wanmei101015zhu15sgelishuangB.swf
c:\favoritevideo\InvisibleFolder\20101015174840_wanmei101015zhu15sgelishuangA.swf
c:\favoritevideo\InvisibleFolder\20101015174947_wanmei101015zhu15stanlidanbai.swf
c:\favoritevideo\InvisibleFolder\20101015175059_wanmei101015zhu15schunji.swf
c:\favoritevideo\InvisibleFolder\20101015180201_beidaqingniao101018zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101015180329_beidaqingniao101018zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101015180517_beidaqingniao101018cha15s.swf
c:\favoritevideo\InvisibleFolder\20101015180859_dianhun101016bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20101015184447_yigou101015zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101015184635_yigou101015zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101015185226_lvshou101018zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101015234329_dianhun101016zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101016154824_wushenshenhua101018zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101017232641_huanjuwang101018zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101017232902_huanjuwang101018zanting15s1.swf
c:\favoritevideo\InvisibleFolder\20101018170403_baidukongjian101101zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101018180357_xiaochun101018zhu15s.swf
c:\favoritevideo\InvisibleFolder\20101018182734_shoubiao101019zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101018183758_shenhua101019zanting15s.swf
c:\favoritevideo\InvisibleFolder\20101018185938_tianxiaer101018zanting15s.swf
c:\favoritevideo\InvisibleFolder\HTTP_ASF_SOURCE.ax
c:\favoritevideo\InvisibleFolder\pplss2.swf
c:\favoritevideo\InvisibleFolder\PPP.dll
c:\favoritevideo\InvisibleFolder\pptvsetup_2.6.1.0008_s.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1700 .MRK
c:\windows\system32\drivers\DELL_XPS_Vostro 1700 .MRK
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))
.
.
2012-09-09 13:19 . 2012-09-09 13:19 -------- d-----w- C:\_OTL
2012-08-16 00:34 . 2003-05-19 15:23 1699913 ----a-w- c:\windows\system32\InetClnt.dll
2012-08-16 00:28 . 2012-08-16 00:28 -------- d-----w- c:\windows\Intuit
2012-08-15 23:10 . 2012-08-15 23:10 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Intuit
2012-08-15 23:09 . 2012-08-15 23:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2012-08-15 23:09 . 2012-08-15 23:09 -------- d-----w- c:\documents and settings\John\Application Data\Intuit
2012-08-15 23:07 . 2012-08-15 23:07 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\IsolatedStorage
2012-08-15 23:07 . 2012-08-16 00:35 -------- d-----w- c:\program files\Common Files\Intuit
2012-08-15 23:07 . 2012-08-15 23:07 -------- d-----w- c:\program files\TurboTax
2012-08-15 23:04 . 2012-08-15 23:04 -------- d-----w- c:\program files\Microsoft.NET
2012-08-15 23:02 . 2012-08-15 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2012-08-15 22:49 . 2012-08-15 22:49 -------- d-----w- c:\program files\uTorrent
2012-08-15 22:48 . 2012-09-05 13:46 -------- d-----w- c:\documents and settings\John\Application Data\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 20:43 . 2011-02-10 12:54 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-15 11:50 . 2012-04-12 10:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 11:50 . 2011-05-20 02:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 08:21 . 2011-01-07 11:41 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-06 13:58 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-08-19 22:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46 . 2010-09-10 02:17 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 14:00 . 2010-08-28 15:11 5642 --s-a-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-07-03 13:40 . 2004-08-04 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\John\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Facebook Update"="c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 2220032]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NVHotkey"="nvHotkey.dll" [2010-07-09 178792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-05-17 105632]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-8-15 724992]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\John\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\John\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 301920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/2/2010 4:48 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/12/2012 5:56 AM 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [1/23/2011 8:44 AM 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [3/29/2011 8:55 PM 20032]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/2/2010 4:48 PM 136176]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [11/19/2010 11:22 PM 13312]
S3 RK28USB;Driver for RK28USB Device;c:\windows\system32\drivers\rk28usb.sys [3/24/2011 7:53 AM 43944]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/23/2011 8:44 AM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/23/2011 8:44 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/23/2011 8:44 AM 121576]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:50]
.
2012-09-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-RJ-44D11BCAC9F6-John.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-03 23:42]
.
2012-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-602162358-920026266-1801674531-1003Core.job
- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-24 21:38]
.
2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-602162358-920026266-1801674531-1003UA.job
- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-24 21:38]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 08:01]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 08:01]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-920026266-1801674531-1003Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 09:00]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-920026266-1801674531-1003UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 09:00]
.
.
------- Supplementary Scan -------
.
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{f952d611-eae7-4d6e-9c5c-ff7d1bf0de6f} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\John\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-11 05:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1148)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\WININET.dll
c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-09-11 05:45:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-11 10:45
.
Pre-Run: 14,711,738,368 bytes free
Post-Run: 14,649,774,080 bytes free
.
- - End Of File - - 9DF1250E12464323EFF4C68B53B5EB8A
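As an added example, not code from this thread or from ComboFix itself: a small Python parser for the three sections of a ComboFix log an analyst reads first (Other Deletions, Files Created, Reg Loading Points), plus two triage helpers of my own. It runs on sample lines copied from the log above; the user-writable-location markers and the "bare file name" rule in suspicious_autostarts() are assumptions I chose, not ComboFix rules.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the ComboFix log posted above,
# one group for each of the three section formats this parser understands.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\_ctypes.pyd
c:\docume~1\John\LOCALS~1\Temp\_MEI8042\python26.dll
c:\favoritevideo\InvisibleFolder\PPP.dll
c:\windows\system32\muzapp.exe
.
((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))
.
2012-09-09 13:19 . 2012-09-09 13:19 -------- d-----w- C:\_OTL
2012-08-16 00:34 . 2003-05-19 15:23 1699913 ----a-w- c:\windows\system32\InetClnt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\John\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2010-07-09 178792]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"""

SECTION_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")   # "((( Section name )))" banners
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")                # bare path lines (deletions)
CREATED_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\S+) (\S+) (.+)$")  # created . modified size attrs path
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')

@dataclass
class CreatedEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (logged as "--------")
    attrs: str            # e.g. "d-----w-" (directory), "----a-w-" (archive file)
    path: str

@dataclass
class AutostartEntry:
    key: str              # registry key the value lives under
    name: str
    target: str           # command or path ComboFix resolved for the value
    file_date: Optional[str]
    file_size: Optional[int]

@dataclass
class ComboFixReport:
    deleted: List[str]
    created: List[CreatedEntry]
    autostart: List[AutostartEntry]

def parse_combofix(text: str) -> ComboFixReport:
    """Walk the log line by line, switching behaviour on the current banner."""
    rep = ComboFixReport([], [], [])
    section, key = "", ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":          # ComboFix pads every section with "." lines
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1).lower(), ""
        elif section.startswith("other deletions") and PATH_RE.match(line):
            rep.deleted.append(line)
        elif section.startswith("files created") and (m := CREATED_RE.match(line)):
            created, modified, size, attrs, path = m.groups()
            rep.created.append(CreatedEntry(created, modified,
                                            int(size) if size.isdigit() else None, attrs, path))
        elif section.startswith("reg loading points"):
            if m := KEY_RE.match(line):
                key = m.group(1)
            elif key and (m := VALUE_RE.match(line)):
                name, target, fdate, fsize = m.groups()
                rep.autostart.append(AutostartEntry(key, name, target, fdate,
                                                    int(fsize) if fsize else None))
    return rep

# Heuristic markers (my choice, not ComboFix's): locations any user process can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")

def deleted_by_directory(rep: ComboFixReport) -> Counter:
    """Collapse a long deletion list into per-directory counts to see the hot spots."""
    return Counter(p.lower().rsplit("\\", 1)[0] for p in rep.deleted)

def suspicious_autostarts(rep: ComboFixReport) -> List[str]:
    """Run-key entries worth a second look: a target in a user-writable profile directory,
    or a bare file name resolved via the search path. A prompt to verify, not proof."""
    out = []
    for e in rep.autostart:
        t = e.target.lower()
        if "\\run" in e.key.lower() and ("\\" not in t or any(s in t for s in USER_WRITABLE)):
            out.append(e.name)
    return out
```

With the full log above pasted in, deleted_by_directory() shows the deletions clustering under Temp\_MEI8042 and favoritevideo\InvisibleFolder rather than spread across the system.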
#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That would suggest that the infection is within the Google Drive.

I would recommend that you delete the current sync data and then redo a fresh sync point.
#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.