Google Redirect + ipconfig Fail


#1 Noelle Minuet (New Member, 6 posts)

Hi!
OK, the known problems that I've searched multiple sites for and have run a number of scans for are the Google redirect virus, which has been present for about a month and a half, and, just today, an ipconfig /all in cmd.exe returning an error.

I've done quite a few scans in the past, all of which returned "no infections." These are what I've tried today, and their results.

Erunt
OTM (results below)
GooredFix
TDSSKiller
OTL (results below)


==============================================================================================================
*OTM RESULTS*

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\owner\Downloads\cmd.bat deleted successfully.
C:\Users\owner\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 160266 bytes
->Temporary Internet Files folder emptied: 1861907 bytes
->FireFox cache emptied: 74542973 bytes
->Flash cache emptied: 780 bytes

User: owner
->Temp folder emptied: 1211448200 bytes
->Temporary Internet Files folder emptied: 99239651 bytes
->Java cache emptied: 2156018 bytes
->FireFox cache emptied: 121618158 bytes
->Flash cache emptied: 2840 bytes

User: Public

%systemdrive% .tmp files removed: 7320 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81252387 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 108383887 bytes

Total Files Cleaned = 1,622.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.18.0 log created on 07092011_032813

Files moved on Reboot...
C:\Users\owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\owner\AppData\Local\Temp\VGXCEFB.tmp not found!

Registry entries deleted on Reboot...


==============================================================================================================


*OTL RESULTS* (from two notes)

OTL Extras logfile created on: 7/9/2011 3:45:41 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 57.25% Memory free
5.73 Gb Paging File | 4.38 Gb Available in Paging File | 76.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.29 Gb Total Space | 199.56 Gb Free Space | 69.71% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}" = HP Deskjet Printer Driver Software 13.0 Rel. 1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.2.1102
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3FBF944-11B9-4DA6-AA48-65F2DD548EE9}" = dj_sf_ProductContext
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA2E39F3-6ABB-415E-A0BF-CEEEF6E64A44}" = D2400
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E68B0A8D-5FD5-4689-A5B6-155C01026BAC}" = dj_sf_software_req
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC0AEEE8-3D70-4792-B4D1-1BFBC7D8BEEB}" = dj_sf_software
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32)
"Free Audio Converter_is1" = Free Audio Converter version 2.2.11
"FrostWire" = FrostWire 4.21.3
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"SAM3" = SAM Broadcaster v4
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Game Organizer" = EasyBits GO
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/27/2011 4:18:54 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6178

Error - 6/27/2011 4:18:55 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/27/2011 4:18:55 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7176

Error - 6/27/2011 4:18:55 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7176

Error - 6/27/2011 4:18:56 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/27/2011 4:18:56 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8175

Error - 6/27/2011 4:18:56 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8175

Error - 6/27/2011 4:18:57 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/27/2011 4:18:57 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9205

Error - 6/27/2011 4:18:57 AM | Computer Name = owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9205

[ Media Center Events ]
Error - 12/29/2010 7:21:22 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 6:21:22 PM - Error connecting to the internet. 6:21:22 PM - Unable
to contact server..

Error - 12/29/2010 7:21:33 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 6:21:27 PM - Error connecting to the internet. 6:21:27 PM - Unable
to contact server..

Error - 12/29/2010 8:21:51 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 7:21:51 PM - Error connecting to the internet. 7:21:51 PM - Unable
to contact server..

Error - 12/29/2010 8:22:04 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 7:21:57 PM - Error connecting to the internet. 7:21:57 PM - Unable
to contact server..

Error - 12/29/2010 9:22:27 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 8:22:27 PM - Error connecting to the internet. 8:22:27 PM - Unable
to contact server..

Error - 12/29/2010 9:22:38 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 8:22:32 PM - Error connecting to the internet. 8:22:32 PM - Unable
to contact server..

Error - 12/30/2010 10:37:00 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 9:37:00 PM - Error connecting to the internet. 9:37:00 PM - Unable
to contact server..

Error - 12/30/2010 10:37:14 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 9:37:06 PM - Error connecting to the internet. 9:37:06 PM - Unable
to contact server..

Error - 1/1/2011 4:55:02 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 3:55:02 PM - Error connecting to the internet. 3:55:02 PM - Unable
to contact server..

Error - 1/1/2011 4:55:18 PM | Computer Name = owner-PC | Source = MCUpdate | ID = 0
Description = 3:55:07 PM - Error connecting to the internet. 3:55:07 PM - Unable
to contact server..

[ System Events ]
Error - 6/9/2011 10:48:35 PM | Computer Name = owner-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/9/2011 10:59:01 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv

Error - 6/9/2011 10:59:11 PM | Computer Name = owner-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/9/2011 11:12:40 PM | Computer Name = owner-PC | Source = DCOM | ID = 10016
Description =

Error - 6/10/2011 12:34:03 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv

Error - 6/10/2011 12:34:15 AM | Computer Name = owner-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/10/2011 12:39:02 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the szserver service.

Error - 6/11/2011 5:32:56 AM | Computer Name = owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.1655.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 6/15/2011 2:25:08 PM | Computer Name = owner-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 6/19/2011 3:27:42 PM | Computer Name = owner-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >


==============================================================================================================



OTL logfile created on: 7/9/2011 3:45:41 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 57.25% Memory free
5.73 Gb Paging File | 4.38 Gb Available in Paging File | 76.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.29 Gb Total Space | 199.56 Gb Free Space | 69.71% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/09 03:45:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/22 18:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009/07/22 18:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe


========== Modules (SafeList) ==========

MOD - [2011/07/09 03:45:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/02/25 22:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/09 22:09:23 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/22 18:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009/07/22 18:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/28 04:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
DRV:64bit: - [2010/04/24 02:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 02:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 02:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 02:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/31 02:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/22 21:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C 1D 4C 99 5E 76 F4 4F A6 DD F7 A7 A2 57 57 EB [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {ab97f679-51f4-4843-99fb-eb68ee0a4d63}:1.0
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/03 10:36:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/09 23:49:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/08 21:41:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/03 10:36:34 | 000,000,000 | ---D | M]

[2010/11/27 11:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2011/07/09 03:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\41rp7msj.default\extensions
[2011/01/03 10:23:27 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\41rp7msj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/06/04 14:55:40 | 000,002,396 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\41rp7msj.default\searchplugins\askcom.xml
[2011/07/08 21:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/10 01:16:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/07/08 21:41:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\41RP7MSJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/09 03:28:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [dbgengwow.exe] File not found
O4 - HKCU..\Run: [ieakengwow.exe] File not found
O4 - HKCU..\Run: [ir32_32wow.exe] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/09 03:45:13 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/07/09 03:38:34 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\tdsskiller
[2011/07/09 03:37:01 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\GooredFix Backups
[2011/07/09 03:28:13 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/09 03:26:01 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/07/09 03:23:56 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\New folder
[2011/07/09 01:25:41 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\AddCraft
[2011/07/09 00:44:40 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Minecraft Backup
[2011/07/08 22:17:49 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\MineEdit
[2011/07/08 21:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/08 21:41:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/08 21:34:57 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Minecraft Server
[2011/07/01 13:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/27 01:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer 2
[2011/06/27 01:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer2
[2011/06/25 20:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2011/06/15 23:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/06/15 23:12:56 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Audacity
[2011/06/12 13:57:39 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Things Folder
[2011/06/10 03:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/06/10 03:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2011/06/10 03:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/06/10 03:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/06/09 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\MP3
[34 C:\Users\owner\Documents\*.tmp files -> C:\Users\owner\Documents\*.tmp -> ]
[2 C:\Users\owner\AppData\Local\*.tmp files -> C:\Users\owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/09 03:45:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/07/09 03:40:16 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/09 03:40:16 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/09 03:37:22 | 000,730,554 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/07/09 03:37:22 | 000,626,722 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/07/09 03:37:22 | 000,107,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/07/09 03:33:11 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/09 03:32:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/09 03:32:42 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/09 03:31:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/09 03:28:14 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/07/08 19:53:20 | 000,021,318 | ---- | M] () -- C:\Users\owner\.recently-used.xbel
[2011/07/07 22:22:29 | 000,270,142 | ---- | M] () -- C:\Users\owner\Desktop\Minecraft.exe
[2011/07/01 13:08:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/01 04:36:49 | 000,343,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/06/28 02:54:28 | 000,001,185 | ---- | M] () -- C:\Users\owner\Desktop\Perfect World International.lnk
[2011/06/15 23:25:59 | 000,000,954 | ---- | M] () -- C:\Users\owner\Desktop\Audacity.lnk
[2011/06/13 21:49:09 | 000,000,101 | ---- | M] () -- C:\Users\owner\.gtk-bookmarks
[2011/06/11 13:31:42 | 000,000,000 | ---- | M] () -- C:\Users\owner\AppData\Local\{D5CE7DC3-8B64-40C8-92DA-823315168C96}
[2011/06/10 03:09:36 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/10 00:34:31 | 000,001,128 | ---- | M] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/06/09 23:49:37 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[34 C:\Users\owner\Documents\*.tmp files -> C:\Users\owner\Documents\*.tmp -> ]
[2 C:\Users\owner\AppData\Local\*.tmp files -> C:\Users\owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/08 19:53:20 | 000,021,318 | ---- | C] () -- C:\Users\owner\.recently-used.xbel
[2011/07/07 22:22:26 | 000,270,142 | ---- | C] () -- C:\Users\owner\Desktop\Minecraft.exe
[2011/07/01 13:08:36 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/28 02:54:28 | 000,001,185 | ---- | C] () -- C:\Users\owner\Desktop\Perfect World International.lnk
[2011/06/15 23:25:59 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/06/15 23:25:59 | 000,000,954 | ---- | C] () -- C:\Users\owner\Desktop\Audacity.lnk
[2011/06/13 21:49:09 | 000,000,101 | ---- | C] () -- C:\Users\owner\.gtk-bookmarks
[2011/06/11 13:31:03 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\{D5CE7DC3-8B64-40C8-92DA-823315168C96}
[2011/06/10 03:08:08 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/06/10 00:34:10 | 000,001,128 | ---- | C] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/06/09 23:49:37 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/09 23:49:37 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/20 01:57:53 | 000,000,054 | ---- | C] () -- C:\ProgramData\32a58d2e
[2011/05/19 13:29:31 | 000,001,265 | ---- | C] () -- C:\ProgramData\308277589
[2011/05/19 13:29:17 | 000,000,144 | -HS- | C] () -- C:\ProgramData\846584441
[2011/05/19 13:29:16 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/05/19 13:29:09 | 000,505,856 | -HS- | C] () -- C:\windows\tapisrvwow.exe
[2011/05/19 13:28:53 | 000,247,808 | ---- | C] () -- C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll
[2011/05/19 13:28:46 | 000,194,048 | ---- | C] () -- C:\windows\SysWow64\imapi2fs32.exe
[2011/05/13 16:11:30 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\{8E47E516-2C52-4985-A03D-08218683FAC2}
[2011/01/03 10:32:04 | 000,163,075 | ---- | C] () -- C:\windows\hphins15.dat
[2011/01/03 10:32:04 | 000,002,011 | ---- | C] () -- C:\windows\hphmdl15.dat
[2010/12/29 10:46:22 | 000,744,400 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/27 12:12:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/26 18:11:14 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/07/29 08:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 08:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 08:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 07:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 07:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/09 02:44:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.minecraft
[2011/06/15 23:20:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Audacity
[2011/05/14 00:59:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Avination_Viewer
[2010/12/27 13:46:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DVDVideoSoft
[2011/07/08 01:13:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FrostWire
[2011/06/28 02:46:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GetRightToGo
[2011/07/01 13:07:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\go
[2011/07/08 19:20:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\gtk-2.0
[2011/06/15 17:18:09 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SecondLife
[2011/06/02 21:26:33 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SoftGrid Client
[2011/05/31 14:10:17 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SysWin
[2010/11/26 13:32:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Toshiba
[2010/12/29 10:47:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TP
[2010/11/24 19:30:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch
[2010/12/30 22:34:14 | 000,027,484 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
RKinner (Malware Expert)
Uninstall Frostwire. It's nothing but a virus delivery system.

Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:processes
killallprocesses

:OTL
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [dbgengwow.exe] File not found
O4 - HKCU..\Run: [ieakengwow.exe] File not found
O4 - HKCU..\Run: [ir32_32wow.exe] File not found
[2011/06/11 13:31:42 | 000,000,000 | ---- | M] () -- C:\Users\owner\AppData\Local\{D5CE7DC3-8B64-40C8-92DA-823315168C96}
[2011/05/20 01:57:53 | 000,000,054 | ---- | C] () -- C:\ProgramData\32a58d2e
[2011/05/19 13:29:31 | 000,001,265 | ---- | C] () -- C:\ProgramData\308277589
[2011/05/19 13:29:17 | 000,000,144 | -HS- | C] () -- C:\ProgramData\846584441
[2011/05/19 13:29:16 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/05/19 13:29:09 | 000,505,856 | -HS- | C] () -- C:\windows\tapisrvwow.exe
[2011/05/19 13:28:53 | 000,247,808 | ---- | C] () -- C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll
[2011/05/19 13:28:46 | 000,194,048 | ---- | C] () -- C:\windows\SysWow64\imapi2fs32.exe
[2011/05/13 16:11:30 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\{8E47E516-2C52-4985-A03D-08218683FAC2}

:Commands
[purity]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. In the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all, then click the RUN FIX button (NOT the QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

If one of the following will not run, just skip to the next one, then go back and try the ones that wouldn't run after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running ComboFix, then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right-click aswMBR.exe and select Run As Administrator to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.




Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


Download and Save the install file to your desktop:

http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials and Microsoft Security Client

Right click on the Avast download and Run As Administrator

Once you have it installed and it has updated:
Click on the Avast ball, then on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest, click OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).



1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue), then Event Viewer. Next select Windows Logs. Right click on System and select Clear Log, then Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories, then right click on Command Prompt and type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one, or it doesn't like your CD, just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and select Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Open OTL again (right-click and Run As Administrator) and select the All option in the Extra Registry group, then the Run Scan button. Post the two logs it produces in your next reply.

Are you still getting redirected?
Ron
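The OTL fix above was assembled by hand from the earlier scan: Run values whose target reads "File not found", BHO/toolbar registrations with no CLSID behind them, hidden+system executables sitting in C:\windows and C:\ProgramData, randomly named files in ProgramData, and a cluster of files all created within a couple of minutes on 2011/05/19. The script below is an added example, not part of this thread or of OTL, that writes those selection rules down and runs them over constructed OTL-format lines modelled on the ones quoted above. The thresholds (two-minute burst window, three files, the "random name" pattern) are this example's own assumptions, and the output is a list of candidates for a helper to review, not an automatic fix list.

```python
"""Offline triage of OTL log lines.

Added example for this thread (not part of the original post, and not OTL's
own code): it encodes, as explicit rules, the kinds of entries the fix script
above singles out, so a reader can see why those lines were chosen. Thresholds
and the sample lines are this example's own assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed sample in OTL log format, modelled on lines quoted in the thread.
SAMPLE_OTL = r"""
O4 - HKCU..\Run: [dbgengwow.exe] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2011/05/19 13:29:16 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/05/19 13:29:09 | 000,505,856 | -HS- | C] () -- C:\windows\tapisrvwow.exe
[2011/05/19 13:29:31 | 000,001,265 | ---- | C] () -- C:\ProgramData\308277589
[2011/05/20 01:57:53 | 000,000,054 | ---- | C] () -- C:\ProgramData\32a58d2e
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2010/11/26 18:11:14 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
"""

# [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \(.*?\) -- (?P<path>.+?)\s*$"
)
# O4 - HKxx..\Run: [value name] target
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# Names like 308277589 or 32a58d2e: droppers often use random numeric/hex names.
RANDOM_NAME_RE = re.compile(r"^(\d{6,}|[0-9a-f]{8})$", re.IGNORECASE)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr"}


def triage(text, burst_window=timedelta(minutes=2), burst_min=3):
    """Return candidate entries grouped by the rule that flagged them."""
    findings = {"orphan_run": [], "orphan_clsid": [], "suspicious_files": [], "burst_files": []}
    files = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            # Run value whose target no longer exists: leftover of removed malware.
            if m.group("target").startswith("File not found"):
                findings["orphan_run"].append(m.group("hive") + "\\Run\\" + m.group("name"))
            continue
        if line[:2] in ("O2", "O3") and "No CLSID value found" in line:
            # BHO/toolbar registration with no backing COM class.
            findings["orphan_clsid"].append(line)
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
        attrs, path = m.group("attrs"), m.group("path")
        name = path.rsplit("\\", 1)[-1]
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        hidden_system = "H" in attrs and "S" in attrs
        if hidden_system and ext in EXEC_EXT:
            # Hidden+system executables are rare outside the OS itself.
            findings["suspicious_files"].append(path)
        elif RANDOM_NAME_RE.match(name) and "\\programdata\\" in path.lower():
            findings["suspicious_files"].append(path)
        files.append((ts, path))

    # Dropper burst: several files created within minutes of each other.
    files.sort()
    i = 0
    while i < len(files):
        j = i
        while j + 1 < len(files) and files[j + 1][0] - files[j][0] <= burst_window:
            j += 1
        if j - i + 1 >= burst_min:
            findings["burst_files"].extend(p for _, p in files[i:j + 1])
        i = j + 1
    return findings


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_OTL).items():
        print(rule)
        for hit in hits:
            print("   ", hit)
```

Run against a real OTL log, the "burst" rule is the one that most often surfaces files the other rules miss (a dropper's unpacked payloads usually share a creation minute even when their names and attributes look ordinary), while the hidden+system and orphan rules confirm what a helper would otherwise pick out by eye. Every hit still needs a human decision before it goes into a fix script.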

#3
Noelle Minuet (Topic Starter)
OK, here are the results of the scans I've finished so far.


================================================================================================================

*OTL RESULTS*



========== PROCESSES ==========
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ deleted successfully.
C:\ProgramData\Partner\Partner64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dbgengwow.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ieakengwow.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ir32_32wow.exe deleted successfully.
C:\Users\owner\AppData\Local\{D5CE7DC3-8B64-40C8-92DA-823315168C96} moved successfully.
C:\ProgramData\32a58d2e moved successfully.
C:\ProgramData\308277589 moved successfully.
C:\ProgramData\846584441 moved successfully.
C:\ProgramData\unrar.exe moved successfully.
File C:\windows\tapisrvwow.exe not found.
File C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll not found.
File C:\windows\SysWow64\imapi2fs32.exe not found.
C:\Users\owner\AppData\Local\{8E47E516-2C52-4985-A03D-08218683FAC2} moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 07092011_200816

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



================================================================================================================

*Malwarebytes' Anti-Malware RESULTS*



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7060

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/9/2011 8:24:52 PM
mbam-log-2011-07-09 (20-24-52).txt

Scan type: Quick scan
Objects scanned: 182366
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
c:\programdata\1343745358 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\Users\owner\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\1343745358\new.i0.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\1343745358\new.i1.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\1343745358\new.i2.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\1343745358\new.i3.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt0.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt0.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt1.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt1.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt2.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt2.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt3.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt3.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt4.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt4.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt5.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt5.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt6.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt6.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt7.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\2105679798\frt7.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.



================================================================================================================

*ComboFix RESULTS*




ComboFix 11-07-09.03 - owner 07/09/2011 20:43:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1693 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\@u947900531v0
c:\programdata\SysWoW32\@u947900531v1
c:\programdata\SysWoW32\@u947900531v2
c:\programdata\SysWoW32\@u947900531v3
c:\programdata\SysWoW32\_u947900531v0
c:\programdata\SysWoW32\_u947900531v1
c:\programdata\SysWoW32\_u947900531v2
c:\programdata\SysWoW32\_u947900531v3
c:\programdata\SysWoW32\mu947900531v4.kwd
c:\programdata\SysWoW32\mu947900531v5.kwd
c:\programdata\SysWoW32\mu947900531v6.kwd
c:\programdata\SysWoW32\mu947900531v7.kwd
c:\programdata\SysWoW32\wu947900531v0
c:\programdata\SysWoW32\wu947900531v0.kwd
c:\programdata\SysWoW32\wu947900531v1
c:\programdata\SysWoW32\wu947900531v1.kwd
c:\programdata\SysWoW32\wu947900531v2
c:\programdata\SysWoW32\wu947900531v2.kwd
c:\programdata\SysWoW32\wu947900531v3
c:\programdata\SysWoW32\wu947900531v3.kwd
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\vzcbpaxz.default\extensions\{ab97f679-51f4-4843-99fb-eb68ee0a4d63}
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\vzcbpaxz.default\extensions\{ab97f679-51f4-4843-99fb-eb68ee0a4d63}\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\vzcbpaxz.default\extensions\{ab97f679-51f4-4843-99fb-eb68ee0a4d63}\chrome\xulcache.jar
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\vzcbpaxz.default\extensions\{ab97f679-51f4-4843-99fb-eb68ee0a4d63}\defaults\preferences\xulcache.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\vzcbpaxz.default\extensions\{ab97f679-51f4-4843-99fb-eb68ee0a4d63}\install.rdf
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 00:17 . 2011-07-10 00:17 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2011-07-10 00:17 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-10 00:17 . 2011-07-10 00:17 -------- d-----w- c:\programdata\Malwarebytes
2011-07-10 00:17 . 2011-07-10 00:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-10 00:17 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 00:08 . 2011-07-10 00:08 -------- d-----w- C:\_OTL
2011-07-09 15:25 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5F8C514-9803-49D8-9CDD-21B02482158B}\mpengine.dll
2011-07-09 07:28 . 2011-07-09 07:28 -------- d-----w- C:\_OTM
2011-07-09 01:41 . 2011-07-09 01:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-09 01:41 . 2011-05-04 08:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-09 01:41 . 2011-05-04 08:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-27 05:34 . 2011-06-27 05:38 -------- d-----w- c:\program files (x86)\SecondLifeViewer2
2011-06-26 00:56 . 2011-06-26 00:56 -------- d-----w- c:\programdata\Cisco Systems
2011-06-16 03:25 . 2011-06-16 03:25 -------- d-----w- c:\program files (x86)\Audacity
2011-06-16 03:15 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 03:15 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 03:15 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 03:15 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 03:15 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 03:15 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 03:15 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 03:15 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 03:15 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 03:12 . 2011-06-16 03:20 -------- d-----w- c:\users\owner\AppData\Roaming\Audacity
2011-06-11 17:31 . 2011-06-11 17:31 0 ---ha-w- c:\users\owner\AppData\Local\BIT6207.tmp
2011-06-10 07:08 . 2011-06-21 11:52 -------- d-----w- c:\program files (x86)\World of Warcraft
2011-06-10 07:08 . 2011-06-10 07:09 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-06-10 07:06 . 2011-06-10 07:37 -------- d-----w- c:\programdata\Blizzard Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 18:25 . 2011-05-19 16:51 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 17:10 . 2011-04-12 01:24 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-13 20:11 . 2011-05-13 20:11 0 ---ha-w- c:\users\owner\AppData\Local\BIT10CA.tmp
2011-05-10 12:10 . 2011-05-27 03:51 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-22 20:18 . 2011-05-24 18:17 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-10-06 16:23 1294136 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-09-10 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\41rp7msj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF5D9D94-7A23-83C2-ACC9-B00C15F8BDC8}*]
@Allowed: (Read) (RestrictedCode)
"iajmcpjbakaldccmki"=hex:6b,61,66,6d,67,6f,6d,6f,66,6c,62,65,64,6b,66,6e,68,65,
62,61,63,69,00,00
"hapheadjbbjildih"=hex:69,61,65,6d,69,6c,6b,64,6f,64,67,6f,67,6e,6e,6c,66,62,
00,77
"iafoceciffnamdmhcb"=hex:63,61,69,6c,70,69,00,00
"dbfmejpdclpdlpfanidnkhgiohcclgfceikipepo"=hex:6a,62,6e,6d,68,63,62,6e,6d,6d,
69,70,6b,70,62,6b,64,70,6b,62,69,68,62,6e,65,6d,6a,69,6a,6a,64,68,6d,69,64,\
"jbfmejpdclpdlpfanidnlkkefdehhggcncofjeboeggfoafpombg"=hex:6f,61,66,6f,66,69,
69,70,66,6e,6d,69,66,64,6c,66,67,67,64,6a,69,64,6d,65,6a,70,62,6a,6a,6f,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-07-09 22:08:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-10 02:08
.
Pre-Run: 214,075,936,768 bytes free
Post-Run: 213,487,648,768 bytes free
.
- - End Of File - - C41B366DE7C348AADBDCA3514C30EB88



================================================================================================================

*TDSSKiller RESULTS*


I don't think this scan gave a text file. No threats were found by this program, if I remember correctly.


================================================================================================================

*aswMBR RESULTS*


"Fix" button was not enabled


aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-09 22:35:25
-----------------------------
22:35:25.327 OS Version: Windows x64 6.1.7600
22:35:25.327 Number of processors: 2 586 0x2505
22:35:25.327 ComputerName: OWNER-PC UserName: owner
22:35:27.152 Initialize success
22:35:33.002 AVAST engine defs: 11070901
22:35:35.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:35:35.015 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 3
22:35:35.062 Disk 0 MBR read successfully
22:35:35.062 Disk 0 MBR scan
22:35:35.077 Disk 0 unknown MBR code
22:35:35.077 Service scanning
22:35:36.840 Disk 0 trace - called modules:
22:35:37.058 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:35:37.058 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003311700]
22:35:37.058 3 CLASSPNP.SYS[fffff88001b0343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800319d050]
22:35:38.618 AVAST engine scan C:\windows
22:52:35.093 File: C:\windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
22:52:36.622 File: C:\windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
22:52:36.996 File: C:\windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
22:52:37.495 File: C:\windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
22:52:37.807 File: C:\windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
22:52:38.166 File: C:\windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
22:53:07.370 File: C:\windows\System32\drivers\wimmount.sys **SUSPICIOUS**
23:36:05.336 AVAST engine scan C:\Users\owner
23:52:32.837 File: C:\Users\owner\AppData\Local\VirtualStore\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\b\binm1 **INFECTED** Win32:Downloader-HLQ [Trj]
23:52:33.041 File: C:\Users\owner\AppData\Local\VirtualStore\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\b\bint1 **INFECTED** Win32:Renos-AOD [Trj]
23:59:18.362 AVAST engine scan C:\ProgramData
23:59:19.293 File: C:\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\b\binm1 **INFECTED** Win32:Dracus-B [Trj]
23:59:19.591 File: C:\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\b\bint1 **INFECTED** Win32:Dracus-B [Trj]
00:00:44.577 Scan finished successfully
00:09:33.220 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
00:09:33.231 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR Scan.txt"


================================================================================================================

*MBRCheck RESULTS*



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L655
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 200):

Processes (total 79):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
404 csrss.exe
480 C:\Windows\System32\wininit.exe
492 csrss.exe
536 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
668 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\svchost.exe
784 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
868 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
360 C:\Windows\System32\winlogon.exe
440 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\spoolsv.exe
1436 C:\Windows\System32\svchost.exe
1520 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1580 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1620 C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
1712 C:\Windows\SysWOW64\svchost.exe
1732 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
1988 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2016 C:\Windows\System32\svchost.exe
400 C:\Windows\System32\TODDSrv.exe
1152 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1648 C:\Program Files\TOSHIBA\TECO\TecoService.exe
1756 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2092 C:\Windows\System32\SearchIndexer.exe
2124 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2192 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2692 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
2772 C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
2928 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\taskhost.exe
696 C:\Windows\System32\dwm.exe
2976 C:\Windows\explorer.exe
3192 C:\Windows\System32\svchost.exe
3320 C:\Windows\System32\igfxtray.exe
3336 C:\Windows\System32\hkcmd.exe
3344 C:\Windows\System32\igfxpers.exe
3356 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
3476 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3488 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
3504 C:\Program Files\Microsoft Security Client\msseces.exe
3520 C:\Program Files\Windows Sidebar\sidebar.exe
3564 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
3752 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3760 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
3856 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3872 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3880 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3532 C:\Program Files\Windows Media Player\wmpnetwk.exe
476 C:\Windows\System32\svchost.exe
4224 C:\Program Files\iPod\bin\iPodService.exe
4604 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4648 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4716 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
4848 dllhost.exe
1644 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
1652 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
4968 C:\Windows\System32\wuauclt.exe
2792 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
840 C:\Program Files (x86)\Skype\Phone\Skype.exe
3788 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2676 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
6412 C:\Windows\System32\audiodg.exe
4940 C:\Windows\servicing\TrustedInstaller.exe
4660 C:\Windows\System32\VSSVC.exe
5200 C:\Windows\System32\svchost.exe
5616 C:\Windows\System32\SearchProtocolHost.exe
5400 C:\Windows\System32\SearchFilterHost.exe
5008 dllhost.exe
5444 dllhost.exe
6628 C:\Users\owner\Desktop\MBRCheck.exe
5864 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: TOSHIBAMK3265GSXN, Rev: GH101M

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!


================================================================================================================

*Avast! Scan still needs to be run*



================================================================================================================

*Quick Scan*




QuickScan Beta 32-bit v0.9.9.98
-------------------------------
Scan date: Tue Jul 12 18:15:14 2011
Machine ID: E2258A29



No infection found.
-------------------



Processes
---------
(verified) hpwuSchd Application 3760 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(verified) Firefox 3432 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(verified) Firefox 4324 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(verified) GPCore COM object 4716 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(verified) HP Digital Imaging 4648 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(verified) HP Digital Imaging 4604 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(verified) HP Digital Imaging 3564 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(verified) iTunes 3752 C:\Program Files (x86)\iTunes\iTunesHelper.exe
(verified) Java™ Platform SE Auto Updater 2 0 3856 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Malwarebytes' Anti-Malware 3880 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Skype 840 C:\Program Files (x86)\Skype\Phone\Skype.exe


Network activity
----------------
Process Skype.exe (840) connected on port 34034 --> 208.88.186.6
Process Skype.exe (840) connected on port 12350 --> 213.146.189.206

Process Skype.exe (840) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 5580


Autoruns and critical files
---------------------------
(unsigned) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

(verified) hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) HP Digital Imaging C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(verified) HpqSRmon Application C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
(verified) iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) TOSHIBA Web Camera Application C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
(unsigned) Java™ Platform SE 6 U26 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

(verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
(verified) BitDefender QuickScan C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\41rp7msj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) BrowserPlus (from Yahoo!) v2.9.8 C:\Users\owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
(verified) Google Update C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
(verified) HP Product Detection C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\41rp7msj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\setup.exe
(verified) HP Product Detection Plugin for Mozilla C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\41rp7msj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
(verified) HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
(verified) HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
(verified) Java Deployment Toolkit 6.0.260.3 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U26 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
(verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
(verified) Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® Windows® Operating System C:\windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll
(verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
(verified) NPSWF32.dll C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
(verified) Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
(verified) Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
(verified) TOSHIBA Media Controller Plug-in c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll
(verified) Windows Installer C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\41rp7msj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\instmsia.exe
(verified) Windows Installer - Unicode C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\41rp7msj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\instmsiw.exe
(verified) Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll


Scan
----
MD5: db8ee43c90536a07d4ba481079ae214c C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
MD5: 36624d0be8c39899a908e81591f45ea1 C:\Program Files (x86)\HP\Digital Imaging\bin\hpodio08.dll
MD5: 1040bd9bf3ddab7cda2346f8375480a2 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 66c91a227660d474dc1a8158631c0deb C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
MD5: 69581380e69c8dce30ede2a463c912ee C:\Program Files (x86)\QuickTime\QTTask.exe


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.02 KB recvd
Scanned 423 files and modules - 2 seconds

==============================================================================
#4
Noelle Minuet

    New Member

  • Topic Starter
  • Member
  • 6 posts
================================================================================================================

ESET Results


C:\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\b\binm1 a variant of Win32/Kryptik.OLG trojan cleaned by deleting - quarantined
C:\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\b\bint1 a variant of Win32/Kryptik.OLG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\@u947900531v1.vir a variant of Win32/Kryptik.OLG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\@u947900531v2.vir a variant of Win32/Kryptik.OLG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\@u947900531v3.vir a variant of Win32/Kryptik.OLG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu947900531v1.vir a variant of Win32/Kryptik.OLG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu947900531v2.vir a variant of Win32/Kryptik.OLG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu947900531v3.vir a variant of Win32/Kryptik.OLG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u947900531v1.vir a variant of Win32/Kryptik.OLG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u947900531v2.vir a variant of Win32/Kryptik.OLG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\_u947900531v3.vir a variant of Win32/Kryptik.OLG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\vzcbpaxz.default\extensions\{ab97f679-51f4-4843-99fb-eb68ee0a4d63}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\vzcbpaxz.default\extensions\{ab97f679-51f4-4843-99fb-eb68ee0a4d63}\chrome\xulcache.jar.vir JS/Agent.NDB trojan deleted - quarantined
C:\Users\owner\AppData\Local\VirtualStore\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\b\binm1 a variant of Win32/Kryptik.OLG trojan cleaned by deleting - quarantined
C:\Users\owner\AppData\Local\VirtualStore\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\b\bint1 a variant of Win32/Kryptik.OLG trojan cleaned by deleting - quarantined
C:\Users\owner\Desktop\Virus Folder\GooredFix Backups\C\Users\owner\Application Data\Mozilla\Firefox\Profiles\41rp7msj.default\extensions\{ab97f679-51f4-4843-99fb-eb68ee0a4d63}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\owner\Desktop\Virus Folder\GooredFix Backups\C\Users\owner\Application Data\Mozilla\Firefox\Profiles\41rp7msj.default\extensions\{ab97f679-51f4-4843-99fb-eb68ee0a4d63}\chrome\xulcache.jar JS/Agent.NDB trojan deleted - quarantined

#5
RKinner (Malware Expert, MVP, 20,025 posts)
Making good progress. I think ESET got most of what was left but let's do this:


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\users\owner\AppData\Local\BIT6207.tmp
c:\users\owner\AppData\Local\BIT10CA.tmp

Folder::
C:\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\
C:\Users\owner\AppData\Local\VirtualStore\ProgramData\BE1F0B075E9593789C3EF1F815085CA9

RegNull::
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF5D9D94-7A23-83C2-ACC9-B00C15F8BDC8}*]

RegLock::
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF5D9D94-7A23-83C2-ACC9-B00C15F8BDC8}*]
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF5D9D94-7A23-83C2-ACC9-B00C15F8BDC8}]


Registry::
[-HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF5D9D94-7A23-83C2-ACC9-B00C15F8BDC8}*]
[-HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF5D9D94-7A23-83C2-ACC9-B00C15F8BDC8}]

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Delete the old aswMBR and download a new copy. Supposedly it has been updated so as not to detect the .mui files as Suspicious, so download it again, save it, run it and post the log. Download aswMBR.exe (511KB) to your desktop.

Are you still getting redirected?


Ron

#6
Noelle Minuet (New Member, Topic Starter, 6 posts)
ComboFix 11-07-22.02 - owner 07/22/2011 23:16:16.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1559 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\owner\AppData\Local\BIT10CA.tmp"
"c:\users\owner\AppData\Local\BIT6207.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9\A263.tmp
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9\b\version
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9\bin
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9\C01D.tmp
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9\C1D3.tmp
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9\D9C9.tmp
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9\lock
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9\ntuser.dat
c:\programdata\BE1F0B075E9593789C3EF1F815085CA9\unrar.exe
c:\users\owner\AppData\Local\BIT10CA.tmp
c:\users\owner\AppData\Local\BIT6207.tmp
c:\users\owner\AppData\Local\VirtualStore\ProgramData\BE1F0B075E9593789C3EF1F815085CA9
c:\users\owner\AppData\Local\VirtualStore\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\b\version
c:\users\owner\AppData\Local\VirtualStore\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\bin
c:\users\owner\AppData\Local\VirtualStore\ProgramData\BE1F0B075E9593789C3EF1F815085CA9\ntuser.dat
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy21_!Windows!SysWOW64!userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-23 03:31 . 2011-07-23 03:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-23 03:31 . 2011-07-23 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-22 01:15 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{063D0788-6BFE-4FE2-93F0-8F1EFEBA39F3}\mpengine.dll
2011-07-16 04:51 . 2011-07-16 04:52 -------- d-----w- c:\program files (x86)\Ask.com
2011-07-13 16:44 . 2011-07-13 16:44 -------- d-----w- c:\program files (x86)\ESET
2011-07-13 11:57 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-13 11:57 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-13 11:57 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-13 11:57 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-13 11:57 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-13 11:57 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-13 11:57 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-13 11:57 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-12 22:11 . 2011-07-12 22:15 -------- d-----w- c:\users\owner\AppData\Roaming\QuickScan
2011-07-12 22:09 . 2011-07-12 22:09 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-12 22:09 . 2011-07-12 22:09 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-10 00:17 . 2011-07-10 00:17 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2011-07-10 00:17 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-10 00:17 . 2011-07-10 00:17 -------- d-----w- c:\programdata\Malwarebytes
2011-07-10 00:17 . 2011-07-10 00:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-10 00:17 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 00:08 . 2011-07-10 00:08 -------- d-----w- C:\_OTL
2011-07-09 07:28 . 2011-07-09 07:28 -------- d-----w- C:\_OTM
2011-07-09 01:41 . 2011-07-09 01:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-09 01:41 . 2011-05-04 08:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-09 01:41 . 2011-05-04 08:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-27 05:34 . 2011-06-27 05:38 -------- d-----w- c:\program files (x86)\SecondLifeViewer2
2011-06-26 00:56 . 2011-06-26 00:56 -------- d-----w- c:\programdata\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-05-27 03:51 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-15 18:25 . 2011-05-19 16:51 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 17:10 . 2011-04-12 01:24 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-02 05:56 . 2011-07-13 00:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-16 03:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-16 03:14 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-04 02:51 . 2011-06-16 03:15 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-16 03:15 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-16 03:15 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-16 03:14 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-16 03:14 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-16 03:14 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-16 03:14 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-16 03:14 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-16 03:15 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-16 03:15 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-16 03:15 499712 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_02.03.18 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-10-06 16:23 1294136 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-09-10 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E48F6776-C5D1-4410-B1B5-4FC60799DAD0}: NameServer = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\41rp7msj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=ae5ecbee-6eb3-4182-9dd3-9c1246279b8b&apn_ptnrs=RW&apn_sauid=6592821F-BC76-4697-97CE-74EDCF32BF1D&apn_dtid=YYYYYYYYUS&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-07-22 23:40:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-23 03:40
ComboFix2.txt 2011-07-10 02:08
.
Pre-Run: 213,119,889,408 bytes free
Post-Run: 212,806,148,096 bytes free
.
- - End Of File - - 02669E5B878A9AF0076F70D9A3FBC7DF

=======================================================================================================================

Redirection has stopped as far as I can tell.

Noelle

#7 RKinner (Malware Expert; Expert, 20,025 posts, MVP)

One more time just to make sure that the userinit infection is gone for good. We will also clear up the erroneous MSSE indication.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

DirLook::
C:\Program Files\Common
%user%\library


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

#8 Noelle Minuet (Topic Starter; New Member, 6 posts)

ComboFix 11-07-23.01 - owner 07/23/2011 4:17.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1430 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-23 08:29 . 2011-07-23 08:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-23 08:29 . 2011-07-23 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-22 01:15 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{063D0788-6BFE-4FE2-93F0-8F1EFEBA39F3}\mpengine.dll
2011-07-16 04:51 . 2011-07-16 04:52 -------- d-----w- c:\program files (x86)\Ask.com
2011-07-13 16:44 . 2011-07-13 16:44 -------- d-----w- c:\program files (x86)\ESET
2011-07-13 11:57 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-13 11:57 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-13 11:57 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-13 11:57 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-13 11:57 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-13 11:57 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-13 11:57 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-13 11:57 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-12 22:11 . 2011-07-12 22:15 -------- d-----w- c:\users\owner\AppData\Roaming\QuickScan
2011-07-12 22:09 . 2011-07-12 22:09 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-12 22:09 . 2011-07-12 22:09 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-10 00:17 . 2011-07-10 00:17 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2011-07-10 00:17 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-10 00:17 . 2011-07-10 00:17 -------- d-----w- c:\programdata\Malwarebytes
2011-07-10 00:17 . 2011-07-10 00:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-10 00:17 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-10 00:08 . 2011-07-10 00:08 -------- d-----w- C:\_OTL
2011-07-09 07:28 . 2011-07-09 07:28 -------- d-----w- C:\_OTM
2011-07-09 01:41 . 2011-07-09 01:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-09 01:41 . 2011-05-04 08:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-09 01:41 . 2011-05-04 08:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-27 05:34 . 2011-06-27 05:38 -------- d-----w- c:\program files (x86)\SecondLifeViewer2
2011-06-26 00:56 . 2011-06-26 00:56 -------- d-----w- c:\programdata\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-05-27 03:51 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-15 18:25 . 2011-05-19 16:51 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 17:10 . 2011-04-12 01:24 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-02 05:56 . 2011-07-13 00:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-16 03:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-16 03:14 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-04 02:51 . 2011-06-16 03:15 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-16 03:15 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-16 03:15 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-16 03:14 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-16 03:14 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-16 03:14 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-16 03:14 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-16 03:14 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-16 03:15 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-16 03:15 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-16 03:15 499712 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-07-23_03.34.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-23 03:32 . 2011-07-23 03:32 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-07-23 08:29 . 2011-07-23 08:29 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2011-07-23 08:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-23 03:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-23 03:34 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 08:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 08:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-23 03:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-07-23 03:35 44494 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-24 23:31 . 2011-07-23 03:35 13194 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2046797835-1935098037-635485279-1000_UserData.bin
- 2010-11-25 02:26 . 2011-07-23 03:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-25 02:26 . 2011-07-23 08:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-09 07:32 . 2011-07-23 08:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-09 07:32 . 2011-07-23 03:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-23 03:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-23 08:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-30 02:55 . 2011-07-23 08:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-30 02:55 . 2011-07-23 03:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-30 02:55 . 2011-07-23 08:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-30 02:55 . 2011-07-23 03:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-30 02:55 . 2011-07-23 08:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-30 02:55 . 2011-07-23 03:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-24 23:35 . 2011-07-23 08:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-24 23:35 . 2011-07-23 03:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-24 23:35 . 2011-07-23 03:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-24 23:35 . 2011-07-23 08:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-23 08:30 . 2011-07-23 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-23 03:33 . 2011-07-23 03:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-23 03:33 . 2011-07-23 03:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-23 08:30 . 2011-07-23 08:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-07-23 03:06 626722 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-23 03:40 626722 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-23 03:06 107708 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-07-23 03:40 107708 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-07-23 08:29 319436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-07-23 03:32 319436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-11-27 16:57 . 2011-07-16 02:19 878188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2046797835-1935098037-635485279-1000-8192.dat
+ 2010-11-27 16:57 . 2011-07-23 08:29 878188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2046797835-1935098037-635485279-1000-8192.dat
- 2009-07-14 02:34 . 2011-07-23 03:25 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-07-23 03:48 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-10-06 16:23 1294136 ----a-w- c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-09-10 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E48F6776-C5D1-4410-B1B5-4FC60799DAD0}: NameServer = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\41rp7msj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PF&o=15176&locale=en_US&apn_uid=ae5ecbee-6eb3-4182-9dd3-9c1246279b8b&apn_ptnrs=RW&apn_sauid=6592821F-BC76-4697-97CE-74EDCF32BF1D&apn_dtid=YYYYYYYYUS&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2046797835-1935098037-635485279-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Skype\Phone\Skype.exe
.
**************************************************************************
.
Completion time: 2011-07-23 04:39:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-23 08:39
ComboFix2.txt 2011-07-23 03:40
ComboFix3.txt 2011-07-10 02:08
.
Pre-Run: 213,677,305,856 bytes free
Post-Run: 213,418,377,216 bytes free
.
- - End Of File - - 9FC39142729BD8D959973FE98A1B8931

#9
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Log looks good. Do you have any problems left?

Ron

#10
Noelle Minuet

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Not that I know of :) By the way, which of these programs can I take off my computer?

Thank you so much!

Noelle

#11
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator, then type:
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then it will come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a Cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)


If you use Firefox then get the AdBlock Plus add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: if you use LimeWire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step-by-step instructions or a wizard you can download.

Ron
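A post-cleanup check for the settings Ron walks through above, as an added example that is not part of the thread. It assumes Adobe Reader 9.x keeps its JavaScript switch in HKCU under JSPrefs\bEnableJS, that Explorer's hidden-file settings are the Hidden and ShowSuperHidden values under Explorer\Advanced, and that ComboFix and OTL leave C:\Qoobox and C:\_OTL behind; run it in an elevated Windows PowerShell prompt.

```powershell
# Added example, not from the thread: audit the post-cleanup state Ron asked for.
# Assumed locations (not stated in the thread):
#   HKCU:\Software\Adobe\Acrobat Reader\<ver>\JSPrefs\bEnableJS   0 = JavaScript off
#   HKCU:\...\Explorer\Advanced  Hidden=2, ShowSuperHidden=0     = files hidden again
#   C:\Qoobox and C:\_OTL                                        = ComboFix / OTL leftovers

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # key or value not present
    }
}

$findings = @()

# 1. Adobe Reader JavaScript should be off ("uncheck Enable Acrobat JavaScript").
$readerKeys = Get-ChildItem 'HKCU:\Software\Adobe\Acrobat Reader' -ErrorAction SilentlyContinue
foreach ($k in $readerKeys) {
    $v = Get-RegValue -Path (Join-Path $k.PSPath 'JSPrefs') -Name 'bEnableJS'
    if ($v -ne 0) { $findings += "Adobe Reader $($k.PSChildName): JavaScript still enabled (bEnableJS=$v)" }
}

# 2. Hidden and protected operating system files should be hidden again.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
if ((Get-RegValue $adv 'Hidden') -ne 2)          { $findings += 'Explorer still shows hidden files' }
if ((Get-RegValue $adv 'ShowSuperHidden') -ne 0) { $findings += 'Explorer still shows protected OS files' }

# 3. The removal tools and their logs should be gone (desktop paths as used in the thread).
$leftovers = @("$env:USERPROFILE\Desktop\combofix.exe", "$env:USERPROFILE\Desktop\OTL.exe",
               'C:\ComboFix.txt', 'C:\Qoobox', 'C:\_OTL') | Where-Object { Test-Path $_ }
foreach ($p in $leftovers) { $findings += "Cleanup tool leftover still present: $p" }

# 4. The restore point named 'Clean' should exist before System Restore is trimmed.
$rp = Get-ComputerRestorePoint -ErrorAction SilentlyContinue | Where-Object { $_.Description -eq 'Clean' }
if (-not $rp) { $findings += "No restore point named 'Clean' found" }

if ($findings.Count -eq 0) { 'All post-cleanup checks passed.' } else { $findings }
```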
