Redirect Virus, and Trojan Virus [Closed]


#31 Render (Trusted Helper, Malware Removal, 4,195 posts)

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (if running Vista or Windows 7, right click on it and select "Run as Administrator").
  • Under the Custom Scans/Fixes box, copy and paste this in (please carefully select all text in the code box, beginning with the colon):

    :OTL
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
    [2011/12/11 00:05:14 | 000,012,482 | -HS- | M] () -- C:\Users\Enrique\AppData\Local\a5do76j4wt4rop
    [2011/12/11 00:05:14 | 000,012,482 | -HS- | M] () -- C:\ProgramData\a5do76j4wt4rop
    [2011/12/08 04:43:42 | 000,009,782 | -HS- | M] () -- C:\Users\Enrique\AppData\Local\p8kp11e13ulrh2n7or8223hv0vpil2b3
    [2011/12/08 04:43:42 | 000,009,782 | -HS- | M] () -- C:\ProgramData\p8kp11e13ulrh2n7or8223hv0vpil2b3
    [2011/06/29 09:41:18 | 000,000,078 | ---- | C] () -- C:\ProgramData\7822f4ff
    [2011/05/29 22:25:21 | 000,011,440 | -HS- | C] () -- C:\ProgramData\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
    [2011/05/29 22:25:21 | 000,011,438 | -HS- | C] () -- C:\Users\Enrique\AppData\Local\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

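As an added illustration (not code from this thread or from OTL), the following Python script parses OTL file-entry lines like the ones in the fix above and flags the pattern the helper selected: hidden+system files with no company name and a random-looking, extension-less name sitting directly under ProgramData or the user's AppData\Local, plus the twin copies written to both locations at the same moment. The sample lines are constructed from the fix script, and the three-signal threshold and the heuristics themselves are my assumptions, not OTL's own logic.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Constructed sample: the seven file entries from the OTL fix above, plus three
# benign entries in the same line format that must not be flagged (a PRC line,
# a directory, and a profile file that merely lacks a company name).
SAMPLE_LOG = r"""
[2011/12/11 00:05:14 | 000,012,482 | -HS- | M] () -- C:\Users\Enrique\AppData\Local\a5do76j4wt4rop
[2011/12/11 00:05:14 | 000,012,482 | -HS- | M] () -- C:\ProgramData\a5do76j4wt4rop
[2011/12/08 04:43:42 | 000,009,782 | -HS- | M] () -- C:\Users\Enrique\AppData\Local\p8kp11e13ulrh2n7or8223hv0vpil2b3
[2011/12/08 04:43:42 | 000,009,782 | -HS- | M] () -- C:\ProgramData\p8kp11e13ulrh2n7or8223hv0vpil2b3
[2011/06/29 09:41:18 | 000,000,078 | ---- | C] () -- C:\ProgramData\7822f4ff
[2011/05/29 22:25:21 | 000,011,440 | -HS- | C] () -- C:\ProgramData\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
[2011/05/29 22:25:21 | 000,011,438 | -HS- | C] () -- C:\Users\Enrique\AppData\Local\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
PRC - [2011/12/13 16:13:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Enrique\Desktop\OTL.exe
[2011/05/15 18:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/03 13:57:43 | 000,000,903 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\searchplugins\conduit.xml
"""

# One OTL file entry: [date time | size | attrs | M/C] (company) -- path
# attrs is four characters; H, S and D mark hidden, system and directory.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>\S.*?)\s*$"
)
FLAG_THRESHOLD = 3  # assumption: three independent signals before a file is listed

@dataclass
class Entry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    directory: bool
    company: str
    path: PureWindowsPath

def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL log line; return None for headers, O-lines and other formats."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    attrs = m["attrs"]
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        hidden="H" in attrs,
        system="S" in attrs,
        directory="D" in attrs,
        company=m["company"].strip(),
        path=PureWindowsPath(m["path"]),
    )

def in_drop_root(path: PureWindowsPath) -> bool:
    """True when the file sits directly in C:\\ProgramData or a user's AppData\\Local."""
    parent = str(path.parent).lower()
    return parent == "c:\\programdata" or parent.endswith("\\appdata\\local")

def looks_random(name: str) -> bool:
    """Extension-less name of 8+ lowercase letters and digits that mixes both."""
    return ("." not in name and len(name) >= 8
            and re.fullmatch(r"[a-z0-9]+", name) is not None
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))

def signals(e: Entry) -> List[str]:
    """Independent reasons to distrust a file entry; directories are never scored."""
    if e.directory:
        return []
    reasons = []
    if e.hidden and e.system:
        reasons.append("hidden+system attributes")
    if e.company in ("", "No name found"):
        reasons.append("no company name")
    if in_drop_root(e.path):
        reasons.append("directly under ProgramData or AppData\\Local")
    if looks_random(e.path.name):
        reasons.append("random-looking name without extension")
    return reasons

def triage(log_text: str) -> Tuple[Dict[str, List[str]], Dict[Tuple[str, str], List[str]]]:
    """Return (flagged, twins): flagged maps suspicious paths to reasons; twins groups
    flagged entries sharing a file name and timestamp (the ProgramData/AppData pairing)."""
    flagged: Dict[str, List[str]] = {}
    groups: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = signals(e)
        if len(reasons) >= FLAG_THRESHOLD:
            flagged[str(e.path)] = reasons
            groups[(e.path.name.lower(), e.timestamp)].append(str(e.path))
    twins = {key: paths for key, paths in groups.items() if len(paths) > 1}
    return flagged, twins
```

Running `triage(SAMPLE_LOG)` flags exactly the seven files from the fix and reports three twin pairs; the OTL executable, the Firefox extensions directory and the conduit.xml search plugin fall below the threshold.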

#32 om20 (Topic Starter, Member, 50 posts)

Here is the report from the fix. But the Quick Scan doesn't produce a report. Where can I find it?

All processes killed
========== OTL ==========
Prefs.js: [email protected]:1.0.0 removed from extensions.enabledItems
C:\Users\Enrique\AppData\Local\a5do76j4wt4rop moved successfully.
C:\ProgramData\a5do76j4wt4rop moved successfully.
C:\Users\Enrique\AppData\Local\p8kp11e13ulrh2n7or8223hv0vpil2b3 moved successfully.
C:\ProgramData\p8kp11e13ulrh2n7or8223hv0vpil2b3 moved successfully.
C:\ProgramData\7822f4ff moved successfully.
C:\ProgramData\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr moved successfully.
C:\Users\Enrique\AppData\Local\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Enrique\Desktop\cmd.bat deleted successfully.
C:\Users\Enrique\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Enrique
->Temp folder emptied: 28001492 bytes
->Temporary Internet Files folder emptied: 2195027 bytes
->Java cache emptied: 5178776 bytes
->FireFox cache emptied: 121009992 bytes
->Google Chrome cache emptied: 13708662 bytes
->Flash cache emptied: 53630 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7992 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 104389 bytes

Total Files Cleaned = 163.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Enrique
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Enrique
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12142011_092005

#33 Render (Trusted Helper, Malware Removal, 4,195 posts)

"Where can I find it?"

It should be on your desktop.

#34 om20 (Topic Starter, Member, 50 posts)

I think this is it. It was in a file on the desktop marked "OTL.txt".

OTL logfile created on: 12/14/2011 9:35:57 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Enrique\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 81.67% Memory free
15.50 Gb Paging File | 14.03 Gb Available in Paging File | 90.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.93 Gb Total Space | 783.41 Gb Free Space | 85.81% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ENRIQUE-PC | User Name: Enrique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/13 16:13:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Enrique\Desktop\OTL.exe
PRC - [2011/05/10 04:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/07/27 01:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
PRC - [2009/12/23 12:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/06/04 14:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2009/06/04 14:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2006/01/10 08:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 04:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/01/24 18:57:23 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/15 10:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/08/04 01:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/07/27 01:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 12:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/01 15:45:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 04:04:08 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/05/10 04:04:07 | 000,287,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/05/10 04:02:41 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/05/10 03:59:59 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/05/10 03:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/10 03:59:37 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/02 15:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/25 09:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/25 09:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/04 02:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 01:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/27 01:47:46 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2010/07/27 01:47:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010/04/08 04:12:00 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 11:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 17:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2010/07/27 01:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 01:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 13:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C DC 36 01 F3 D8 25 4E 8D D0 4C 4C CF AB 4F BA [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Enrique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/05 15:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/05 15:20:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 18:36:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/15 18:36:51 | 000,000,000 | ---D | M]

[2010/12/28 20:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Extensions
[2011/12/13 16:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions
[2011/12/12 09:02:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/03 13:57:43 | 000,000,903 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\searchplugins\conduit.xml
[2011/05/15 18:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\ENRIQUE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P2UPHUW6.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
() (No name found) -- C:\USERS\ENRIQUE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P2UPHUW6.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 08:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/12/14 09:20:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe ()
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AdobeUpdater6] C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O8:64bit: - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC411A11-3342-46A9-9EF4-906B6B494DDB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a7403a2-4a76-11e0-a66f-20cf30e9c89a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a7403a2-4a76-11e0-a66f-20cf30e9c89a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 3y8] -- "C:\Users\Enrique\AppData\Local\fex.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 09:20:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/13 16:13:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Enrique\Desktop\OTL.exe
[2011/12/13 13:27:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\NNNEWWW
[2011/12/13 08:05:39 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Enrique\Desktop\tdsskiller.exe
[2011/12/13 07:51:50 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8ED9C195-311B-437E-AA85-0BB046F352AC}
[2011/12/13 07:51:38 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{9D1EE98A-C69D-4ED2-AA81-33588B64F136}
[2011/12/12 14:48:12 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3160580E-E4A6-40AA-85F1-D4C9758DB65F}
[2011/12/12 14:47:59 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B16CE6D1-DA6D-4A08-B8E8-042800392BE6}
[2011/12/12 08:19:40 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{32F10E2E-41FA-4E77-AF4C-4A701811EFC8}
[2011/12/12 08:19:27 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C2407592-3EA6-4E7B-9044-647DCF682CD0}
[2011/12/11 17:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/11 13:12:53 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{D4E8C539-65E0-4C7D-A4D9-B8F54C198A63}
[2011/12/11 13:12:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{051B2991-AABE-452A-9634-50DE1A668D4F}
[2011/12/11 09:06:26 | 000,080,896 | ---- | C] (maliprog) -- C:\Users\Enrique\Desktop\getpartitions.exe
[2011/12/11 08:17:20 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DCDAFF2D-DE03-45A0-A063-A6433CAA122B}
[2011/12/11 08:17:05 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1E366661-E865-4716-ABEE-5804E9DD3D6E}
[2011/12/11 01:00:05 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{56E0CAA8-1081-45AD-84B0-2B1F7EE6442A}
[2011/12/11 00:59:43 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{AA523640-6424-448A-A99B-7D0CFDCFD57A}
[2011/12/10 08:32:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{84D142E9-FAC3-4942-81DD-6145675D6D0A}
[2011/12/10 08:31:53 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{D67981F3-C854-43E2-9E7E-CB7F6A482B42}
[2011/12/10 00:47:53 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Enrique\Desktop\aswMBR.exe
[2011/12/10 00:33:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/12/09 06:06:19 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5F25FD9B-1330-4006-883A-A9BAA4840687}
[2011/12/09 06:05:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{E61B8A0A-B382-478B-92B8-A01730697BAB}
[2011/12/08 05:22:30 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{87723472-7B75-44C5-B525-6B4AA742A882}
[2011/12/08 05:22:07 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{738FFA6C-8CF9-4302-BAE8-DDAC25722459}
[2011/12/08 04:54:01 | 003,552,208 | ---- | C] (Piriform Ltd) -- C:\Users\Enrique\Desktop\ccsetup313.exe
[2011/12/05 15:38:33 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{228D960C-4877-4E83-BE77-7E9AF61D0560}
[2011/12/05 15:38:20 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{244C1C39-E1F3-49FD-8694-871462D54F62}
[2011/12/04 22:03:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/12/04 22:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/12/04 22:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/12/04 22:02:47 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/12/04 22:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/12/03 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0C9321DE-84E1-4422-B9C6-1C60E3AEDBE3}
[2011/12/03 13:50:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2B00978A-71E6-4420-84FA-1938B38C9782}
[2011/11/30 18:10:13 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1C39BB25-F156-4BB0-9755-27CEA325221D}
[2011/11/30 18:09:59 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2C92D726-1B87-472E-88A5-FBBCB952F3E3}
[2011/11/27 22:18:12 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{EE265590-8213-4598-BC67-C003E7A92809}
[2011/11/27 22:17:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1E2865E7-CD72-40A4-83EB-799D824F43A4}
[2011/11/15 11:12:47 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5FCBFC2E-B432-44F7-8E54-EA6E791D4263}
[2011/11/15 11:12:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FA0F0B46-795F-4113-991C-1ABD425251CC}
[2011/11/14 16:43:48 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{99348472-C8CF-4B2E-80A6-7EB01700FC77}
[2011/11/14 16:43:18 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F3002A94-18AB-43F3-9F1F-763412BB79F6}
[2009/05/14 22:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 22:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 09:29:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 09:29:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 09:27:14 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/14 09:22:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/14 09:21:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/14 09:21:47 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/14 09:20:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/12/13 23:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/12/13 23:32:36 | 002,255,617 | ---- | M] () -- C:\Users\Enrique\Desktop\b1.psd
[2011/12/13 23:30:46 | 000,001,456 | ---- | M] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/13 23:30:45 | 000,566,502 | ---- | M] () -- C:\Users\Enrique\Desktop\b1.jpg
[2011/12/13 23:18:19 | 000,014,906 | -HS- | M] () -- C:\Users\Enrique\AppData\Local\b8gu32o8te3ibj
[2011/12/13 23:18:19 | 000,014,906 | -HS- | M] () -- C:\ProgramData\b8gu32o8te3ibj
[2011/12/13 23:14:08 | 000,387,072 | ---- | M] () -- C:\Users\Enrique\Documents\ms0Xv5.exe
[2011/12/13 22:16:23 | 001,640,941 | ---- | M] () -- C:\Users\Enrique\Desktop\gremlin.psd
[2011/12/13 21:23:29 | 087,779,623 | ---- | M] () -- C:\Users\Enrique\Desktop\tig-1.psd
[2011/12/13 16:13:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Enrique\Desktop\OTL.exe
[2011/12/13 13:37:22 | 000,336,796 | ---- | M] () -- C:\Users\Enrique\Desktop\spillpic.jpg
[2011/12/13 13:02:29 | 000,072,355 | ---- | M] () -- C:\Users\Enrique\Desktop\387526_2606320674478_1148748487_32567376_1880113979_n.jpg
[2011/12/13 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/12/13 11:47:01 | 000,161,815 | ---- | M] () -- C:\Users\Enrique\Desktop\08053018490112g0e751m8.jpg
[2011/12/13 08:05:47 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Enrique\Desktop\tdsskiller.exe
[2011/12/12 15:47:21 | 000,088,974 | ---- | M] () -- C:\Users\Enrique\Desktop\addfg.jpg
[2011/12/12 15:46:08 | 001,053,098 | ---- | M] () -- C:\Users\Enrique\Desktop\Chase_by_samburley.png
[2011/12/11 19:22:44 | 000,006,196 | -HS- | M] () -- C:\Windows\5113895drv.spi
[2011/12/11 18:01:48 | 000,136,280 | ---- | M] () -- C:\Users\Enrique\Desktop\Dune_Boogie_by_ahbiasaaja.jpg
[2011/12/11 17:41:08 | 105,515,512 | ---- | M] () -- C:\Users\Enrique\Desktop\setup_11.0.0.1245.x01_2011_12_12_04_22.exe
[2011/12/11 09:06:29 | 000,080,896 | ---- | M] (maliprog) -- C:\Users\Enrique\Desktop\getpartitions.exe
[2011/12/10 19:53:42 | 000,052,617 | ---- | M] () -- C:\Users\Enrique\Desktop\tiger-growl.jpg
[2011/12/10 19:25:55 | 000,323,616 | ---- | M] () -- C:\Users\Enrique\Desktop\Month_Book_pg_35_36_by_InvaderTigerstar.jpg
[2011/12/10 15:25:00 | 000,046,728 | ---- | M] () -- C:\Users\Enrique\Desktop\Mohawk_2.jpg
[2011/12/10 15:24:43 | 000,009,244 | ---- | M] () -- C:\Users\Enrique\Desktop\images.jpg
[2011/12/10 15:24:11 | 000,022,556 | ---- | M] () -- C:\Users\Enrique\Desktop\NC30633lg.jpg
[2011/12/10 15:22:31 | 000,446,886 | ---- | M] () -- C:\Users\Enrique\Desktop\damien_canderle_gremlins2.jpg
[2011/12/10 15:21:54 | 000,109,950 | ---- | M] () -- C:\Users\Enrique\Desktop\gremlin.jpg
[2011/12/10 10:54:13 | 009,746,127 | ---- | M] () -- C:\Users\Enrique\Desktop\leon.psd
[2011/12/10 00:52:24 | 000,000,539 | ---- | M] () -- C:\Users\Enrique\Desktop\MBR.rar
[2011/12/10 00:47:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Enrique\Desktop\aswMBR.exe
[2011/12/09 22:25:16 | 000,088,827 | ---- | M] () -- C:\Users\Enrique\Desktop\316645_10150265530771652_556606651_8188422_6033131_n.jpg
[2011/12/09 22:24:56 | 000,065,892 | ---- | M] () -- C:\Users\Enrique\Desktop\250864_10150186297481652_556606651_7437903_5651744_n.jpg
[2011/12/09 22:24:40 | 000,193,223 | ---- | M] () -- C:\Users\Enrique\Desktop\301216_10150265531006652_556606651_8188425_4368654_n.jpg
[2011/12/09 22:24:17 | 000,050,670 | ---- | M] () -- C:\Users\Enrique\Desktop\150210_446738541651_556606651_5973095_2759792_n.jpg
[2011/12/09 20:32:57 | 000,673,075 | ---- | M] () -- C:\Users\Enrique\Desktop\a018de61432b6a10724c7418be9e0145-d4fqsrm.jpg
[2011/12/09 15:19:33 | 000,123,617 | ---- | M] () -- C:\Users\Enrique\Desktop\Emerging_Deva_2_by_tavari.jpg
[2011/12/08 17:43:16 | 000,240,666 | ---- | M] () -- C:\Users\Enrique\Desktop\3320514916_8fb4c53ace.jpg
[2011/12/08 15:52:55 | 008,434,071 | ---- | M] () -- C:\Users\Enrique\Desktop\conan.psd
[2011/12/08 15:25:04 | 000,085,097 | ---- | M] () -- C:\Users\Enrique\Desktop\Douche.jpg
[2011/12/08 04:58:27 | 000,004,434 | ---- | M] () -- C:\Users\Enrique\Documents\cc_20111208_045822.reg
[2011/12/08 04:54:43 | 003,552,208 | ---- | M] (Piriform Ltd) -- C:\Users\Enrique\Desktop\ccsetup313.exe
[2011/12/06 22:42:50 | 003,221,484 | ---- | M] () -- C:\Users\Enrique\Desktop\r3c.psd
[2011/12/06 01:12:59 | 008,342,118 | ---- | M] () -- C:\Users\Enrique\Desktop\r2.psd
[2011/12/05 22:51:15 | 000,189,289 | ---- | M] () -- C:\Users\Enrique\Desktop\chart.psd
[2011/12/04 22:04:22 | 000,135,236 | ---- | M] () -- C:\Windows\hpoins36.dat
[2011/12/04 21:58:12 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/04 21:58:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/04 21:58:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/03 19:10:37 | 000,279,896 | ---- | M] () -- C:\Users\Enrique\Desktop\DSCN1980.JPG
[2011/12/02 05:21:58 | 000,072,587 | ---- | M] () -- C:\Users\Enrique\Desktop\385231_2580895491683_1533313735_2681060_180846874_n.jpg
[2011/12/02 05:21:30 | 000,103,362 | ---- | M] () -- C:\Users\Enrique\Desktop\384091_2580893491633_1533313735_2681056_2143368044_n.jpg
[2011/12/02 04:40:01 | 000,172,789 | ---- | M] () -- C:\Users\Enrique\Desktop\382967_2580892251602_1533313735_2681054_359181174_n.jpg
[2011/12/02 01:12:26 | 018,440,246 | ---- | M] () -- C:\Users\Enrique\Desktop\r1.psd
[2011/11/18 04:28:13 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/13 23:32:36 | 002,255,617 | ---- | C] () -- C:\Users\Enrique\Desktop\b1.psd
[2011/12/13 23:30:45 | 000,566,502 | ---- | C] () -- C:\Users\Enrique\Desktop\b1.jpg
[2011/12/13 23:14:08 | 000,387,072 | ---- | C] () -- C:\Users\Enrique\Documents\ms0Xv5.exe
[2011/12/13 23:14:02 | 000,014,906 | -HS- | C] () -- C:\Users\Enrique\AppData\Local\b8gu32o8te3ibj
[2011/12/13 23:14:02 | 000,014,906 | -HS- | C] () -- C:\ProgramData\b8gu32o8te3ibj
[2011/12/13 22:16:07 | 001,640,941 | ---- | C] () -- C:\Users\Enrique\Desktop\gremlin.psd
[2011/12/13 13:37:21 | 000,336,796 | ---- | C] () -- C:\Users\Enrique\Desktop\spillpic.jpg
[2011/12/13 13:02:28 | 000,072,355 | ---- | C] () -- C:\Users\Enrique\Desktop\387526_2606320674478_1148748487_32567376_1880113979_n.jpg
[2011/12/13 11:47:00 | 000,161,815 | ---- | C] () -- C:\Users\Enrique\Desktop\08053018490112g0e751m8.jpg
[2011/12/12 15:47:21 | 000,088,974 | ---- | C] () -- C:\Users\Enrique\Desktop\addfg.jpg
[2011/12/12 15:46:07 | 001,053,098 | ---- | C] () -- C:\Users\Enrique\Desktop\Chase_by_samburley.png
[2011/12/11 18:01:47 | 000,136,280 | ---- | C] () -- C:\Users\Enrique\Desktop\Dune_Boogie_by_ahbiasaaja.jpg
[2011/12/11 18:00:50 | 000,006,196 | -HS- | C] () -- C:\Windows\5113895drv.spi
[2011/12/11 17:38:37 | 105,515,512 | ---- | C] () -- C:\Users\Enrique\Desktop\setup_11.0.0.1245.x01_2011_12_12_04_22.exe
[2011/12/10 19:25:54 | 000,323,616 | ---- | C] () -- C:\Users\Enrique\Desktop\Month_Book_pg_35_36_by_InvaderTigerstar.jpg
[2011/12/10 15:25:00 | 000,046,728 | ---- | C] () -- C:\Users\Enrique\Desktop\Mohawk_2.jpg
[2011/12/10 15:24:43 | 000,009,244 | ---- | C] () -- C:\Users\Enrique\Desktop\images.jpg
[2011/12/10 15:24:11 | 000,022,556 | ---- | C] () -- C:\Users\Enrique\Desktop\NC30633lg.jpg
[2011/12/10 15:22:31 | 000,446,886 | ---- | C] () -- C:\Users\Enrique\Desktop\damien_canderle_gremlins2.jpg
[2011/12/10 15:21:53 | 000,109,950 | ---- | C] () -- C:\Users\Enrique\Desktop\gremlin.jpg
[2011/12/10 00:52:24 | 000,000,539 | ---- | C] () -- C:\Users\Enrique\Desktop\MBR.rar
[2011/12/09 22:25:16 | 000,088,827 | ---- | C] () -- C:\Users\Enrique\Desktop\316645_10150265530771652_556606651_8188422_6033131_n.jpg
[2011/12/09 22:24:55 | 000,065,892 | ---- | C] () -- C:\Users\Enrique\Desktop\250864_10150186297481652_556606651_7437903_5651744_n.jpg
[2011/12/09 22:24:39 | 000,193,223 | ---- | C] () -- C:\Users\Enrique\Desktop\301216_10150265531006652_556606651_8188425_4368654_n.jpg
[2011/12/09 22:24:16 | 000,050,670 | ---- | C] () -- C:\Users\Enrique\Desktop\150210_446738541651_556606651_5973095_2759792_n.jpg
[2011/12/09 21:09:02 | 087,779,623 | ---- | C] () -- C:\Users\Enrique\Desktop\tig-1.psd
[2011/12/09 20:50:53 | 000,052,617 | ---- | C] () -- C:\Users\Enrique\Desktop\tiger-growl.jpg
[2011/12/09 20:32:56 | 000,673,075 | ---- | C] () -- C:\Users\Enrique\Desktop\a018de61432b6a10724c7418be9e0145-d4fqsrm.jpg
[2011/12/09 15:19:32 | 000,123,617 | ---- | C] () -- C:\Users\Enrique\Desktop\Emerging_Deva_2_by_tavari.jpg
[2011/12/08 17:43:15 | 000,240,666 | ---- | C] () -- C:\Users\Enrique\Desktop\3320514916_8fb4c53ace.jpg
[2011/12/08 15:25:04 | 000,085,097 | ---- | C] () -- C:\Users\Enrique\Desktop\Douche.jpg
[2011/12/08 04:58:24 | 000,004,434 | ---- | C] () -- C:\Users\Enrique\Documents\cc_20111208_045822.reg
[2011/12/07 03:15:30 | 009,746,127 | ---- | C] () -- C:\Users\Enrique\Desktop\leon.psd
[2011/12/06 22:42:49 | 003,221,484 | ---- | C] () -- C:\Users\Enrique\Desktop\r3c.psd
[2011/12/05 22:51:14 | 000,189,289 | ---- | C] () -- C:\Users\Enrique\Desktop\chart.psd
[2011/12/04 22:02:07 | 000,135,236 | ---- | C] () -- C:\Windows\hpoins36.dat
[2011/12/04 22:02:07 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2011/12/03 19:08:23 | 000,279,896 | ---- | C] () -- C:\Users\Enrique\Desktop\DSCN1980.JPG
[2011/12/02 05:21:57 | 000,072,587 | ---- | C] () -- C:\Users\Enrique\Desktop\385231_2580895491683_1533313735_2681060_180846874_n.jpg
[2011/12/02 05:21:29 | 000,103,362 | ---- | C] () -- C:\Users\Enrique\Desktop\384091_2580893491633_1533313735_2681056_2143368044_n.jpg
[2011/12/02 04:40:00 | 000,172,789 | ---- | C] () -- C:\Users\Enrique\Desktop\382967_2580892251602_1533313735_2681054_359181174_n.jpg
[2011/12/02 01:22:05 | 008,342,118 | ---- | C] () -- C:\Users\Enrique\Desktop\r2.psd
[2011/12/01 08:12:36 | 018,440,246 | ---- | C] () -- C:\Users\Enrique\Desktop\r1.psd
[2011/04/23 23:54:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2010/12/26 19:39:17 | 000,001,456 | ---- | C] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/26 19:10:54 | 000,000,431 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/12/26 11:58:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/28 14:36:06 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/07/28 14:35:35 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/07/28 14:34:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/28 14:34:23 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/28 14:34:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/07/28 14:34:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/07/28 14:32:49 | 000,009,987 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/07/28 14:32:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/28 14:32:46 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/07/28 14:32:46 | 000,007,698 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/07/28 14:30:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 13:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 13:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 13:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

========== LOP Check ==========

[2011/02/09 23:52:31 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\acccore
[2011/01/24 19:21:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Autodesk
[2011/11/10 21:41:13 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Azureus
[2011/09/05 14:05:19 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Canon
[2011/04/30 21:44:17 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/03 10:49:38 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
[2011/07/12 02:20:09 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/07/07 14:57:13 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\PingKaching.45C46A55E3922496F6ADD09FCC67FAC1A9B38B70.1
[2010/12/26 19:10:45 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\ScanSoft
[2011/01/31 22:43:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/24 12:18:18 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Windows Live Writer
[2011/12/13 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/12/13 23:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/12/13 23:41:22 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

#35
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please try to run Combofix once again:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to reconnect your machine to the Internet until Combofix has completely finished.
    • If there is no Internet connection after running Combofix, then restart your computer to restore your connection.
  • Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.

#36
om20

    Member

  • Topic Starter
  • 50 posts
ComboFix 11-12-13.03 - Enrique 12/14/2011 21:56:14.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6268 [GMT -8:00]
Running from: c:\users\Enrique\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 06:00 . 2011-12-15 06:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-14 17:20 . 2011-12-14 17:20 -------- d-----w- C:\_OTL
2011-12-12 01:43 . 2011-12-12 01:43 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-05 06:03 . 2011-12-05 06:03 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-12-05 06:03 . 2011-12-05 06:03 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-12-05 06:03 . 2008-10-06 23:39 254464 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp083.dll
2011-12-05 06:03 . 2008-10-06 23:39 134144 ----a-w- c:\windows\system32\hpf3l083.dll
2011-12-05 06:02 . 2011-12-05 06:03 -------- d-----w- c:\program files (x86)\HP
2011-12-05 06:02 . 2011-12-05 06:02 -------- d-----w- c:\programdata\HP
2011-12-05 06:02 . 2008-10-30 08:58 966656 ----a-w- c:\windows\system32\hposwia_p02b.dll
2011-12-05 06:02 . 2008-10-30 08:58 512512 ----a-w- c:\windows\system32\hposc_p02a.dll
2011-12-05 06:02 . 2008-10-30 08:58 1411584 ----a-w- c:\windows\system32\hpost_p02b.dll
2011-12-05 06:02 . 2008-10-30 08:56 362328 ----a-w- c:\windows\system32\HPZIDS40.dll
2011-12-05 05:56 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 03:21 . 2011-10-12 04:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-12 04:26 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:24 . 2011-11-09 07:58 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:09 . 2011-11-09 07:58 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-09-26 13:24 . 2011-09-28 01:24 44 ---h--w- c:\program files (x86)\d11a7636.tmp
2009-05-15 06:15 . 2009-05-15 06:15 5719400 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 06:15 . 2009-05-15 06:15 4397928 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-04 14944136]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-26 39408]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Facebook Update"="c:\users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-05 137536]
"AdobeUpdater6"="c:\program files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-08 2521464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2011-02-08 63360]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"AddressBookReminderApp"="c:\program files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe" [2009-08-31 144672]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 avast! Antivirus32;avast! Antivirus ;c:\programdata\kbdheb32.exe [x]
R2 avast! Antivirus3232;avast! Antivirus ;c:\programdata\wuwebv32.exe [x]
R2 avast! Antivirus323232;avast! Antivirus ;c:\programdata\shellstyle32.exe [x]
R2 avast! Antivirus32323232;avast! Antivirus ;c:\programdata\colorcnv32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-25 1315592]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 Sdtlpnfl;Sdtlpnfl; [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
- c:\users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 18:47]
.
2011-12-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
- c:\users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 18:47]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 19:57]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 19:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1424896]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:71,03,ea,f7,a1,12,49,52,79,36,dd,41,c5,09,43,4d,d6,e8,a2,fe,f4,
50,52,6b,8f,1b,fd,b3,2e,89,7f,f2,a9,dd,da,06,8f,8a,c7,91,39,e6,b7,d7,82,3c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-12-14 22:06:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 06:06
.
Pre-Run: 839,622,361,088 bytes free
Post-Run: 839,461,961,728 bytes free
.
- - End Of File - - 54EEAB42A679E8B21F6B28983399DE28
  • 0

#37
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\programdata\kbdheb32.exe
c:\programdata\wuwebv32.exe
c:\programdata\shellstyle32.exe
c:\programdata\colorcnv32.exe

Driver::
avast! Antivirus32
avast! Antivirus3232
avast! Antivirus323232
avast! Antivirus32323232
Sdtlpnfl


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
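The four services removed by the CFScript above share the same shape in the ComboFix listing: a display name that borrows the avast! brand, an image path under c:\programdata, and the [x] marker in place of a file date and size. As an added example (not ComboFix's own code and not anything the helpers in this thread posted), the Python below parses ComboFix service lines of that shape and scores the same indicators. The list of user-writable directories and the list of security vendor names are assumptions chosen for the example, and the sample lines are constructed from the log in this thread.

```python
"""Triage ComboFix 'Drivers/Services' lines for lure-like service entries.

Added example, not ComboFix code. A ComboFix service line looks like
    R2 <name>;<display name>;<image path> [<date size>]
    S1 <name>;<display name>; [x]
where [x] means no file date/size was recorded for the image.
"""
import re
from dataclasses import dataclass, field

# <start type> <name>;<display>;<image path> [<stamp>]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*)\[(?P<stamp>[^\]]*)\]\s*$"
)

# Assumption: directories any local user can write to. A service binary here
# is a strong sign of something dropped at runtime rather than installed.
USER_WRITABLE_PREFIXES = (r"c:\programdata", r"c:\users", r"c:\windows\temp")

# Assumption: vendor tokens a lure might borrow for its display name.
SECURITY_VENDOR_TOKENS = ("avast", "mcafee", "kaspersky", "malwarebytes",
                          "symantec", "norton", "security essentials")

# Constructed from the ComboFix log in this thread (two lure services, two
# legitimate services, and three entries that only carry the [x] marker).
SAMPLE_LOG = r"""
R2 avast! Antivirus32;avast! Antivirus ;c:\programdata\kbdheb32.exe [x]
R2 avast! Antivirus3232;avast! Antivirus ;c:\programdata\wuwebv32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Sdtlpnfl;Sdtlpnfl; [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
"""


@dataclass
class Finding:
    name: str
    display: str
    path: str
    severity: str                       # "high", "medium" or "low"
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return the fields of one ComboFix service line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = entry["path"].strip()
    entry["stamp"] = entry["stamp"].strip()
    return entry


def assess(entry):
    """Score one parsed entry; None means nothing about it looks off."""
    path = entry["path"].lower()
    display = entry["display"].lower()
    reasons, severity = [], None
    if path.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("image path is in a user-writable directory")
        severity = "high"
    if any(tok in display for tok in SECURITY_VENDOR_TOKENS) \
            and not path.startswith(r"c:\program files"):
        reasons.append("display name borrows a security vendor name "
                       "but the image is outside Program Files")
        severity = severity or "medium"
    if entry["stamp"] == "x":
        # Weak on its own: legitimate filter drivers also show [x].
        reasons.append("no file date/size recorded ([x])")
        severity = severity or "low"
    if not reasons:
        return None
    return Finding(entry["name"], entry["display"], entry["path"], severity, reasons)


def triage(lines):
    """Parse every service line in `lines` and return the list of Findings."""
    findings = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is not None:
            finding = assess(entry)
            if finding is not None:
                findings.append(finding)
    return findings


def triage_sample():
    """Run the triage over the constructed sample log."""
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.severity:6}] {f.name!r:32} {f.path or '<no path>'}")
        for r in f.reasons:
            print(f"         - {r}")
```

Run against the sample, the two avast!-named services in c:\programdata score "high" with all three reasons, while the .NET NGEN and McAfee entries are not reported at all. The three entries that score only "low" show why the [x] marker must not be read as a verdict: aswSnx and aswMonFlt are avast!'s own filter drivers, and Sdtlpnfl, which the CFScript also removes, is separated from them only by the analyst's judgment about its name and missing path, not by anything the script can measure.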

#38
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
I could not for the life of me disable MSE. I looked at every tutorial on how to, but still couldn't do it. It just won't come up when I search the computer:


ComboFix 11-12-13.03 - Enrique 12/15/2011 9:28.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6040 [GMT -8:00]
Running from: c:\users\Enrique\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Enrique\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\colorcnv32.exe"
"c:\programdata\kbdheb32.exe"
"c:\programdata\shellstyle32.exe"
"c:\programdata\wuwebv32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_avast! Antivirus32
-------\Service_avast! Antivirus3232
-------\Service_avast! Antivirus323232
-------\Service_avast! Antivirus32323232
-------\Service_Sdtlpnfl
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 17:33 . 2011-12-15 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-14 17:20 . 2011-12-14 17:20 -------- d-----w- C:\_OTL
2011-12-12 01:43 . 2011-12-12 01:43 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-05 06:03 . 2011-12-05 06:03 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-12-05 06:03 . 2011-12-05 06:03 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-12-05 06:03 . 2008-10-06 23:39 254464 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp083.dll
2011-12-05 06:03 . 2008-10-06 23:39 134144 ----a-w- c:\windows\system32\hpf3l083.dll
2011-12-05 06:02 . 2011-12-05 06:03 -------- d-----w- c:\program files (x86)\HP
2011-12-05 06:02 . 2011-12-05 06:02 -------- d-----w- c:\programdata\HP
2011-12-05 06:02 . 2008-10-30 08:58 966656 ----a-w- c:\windows\system32\hposwia_p02b.dll
2011-12-05 06:02 . 2008-10-30 08:58 512512 ----a-w- c:\windows\system32\hposc_p02a.dll
2011-12-05 06:02 . 2008-10-30 08:58 1411584 ----a-w- c:\windows\system32\hpost_p02b.dll
2011-12-05 06:02 . 2008-10-30 08:56 362328 ----a-w- c:\windows\system32\HPZIDS40.dll
2011-12-05 05:56 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 16:24 . 2011-11-09 07:58 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-26 13:24 . 2011-09-28 01:24 44 ---h--w- c:\program files (x86)\d11a7636.tmp
2009-05-15 06:15 . 2009-05-15 06:15 5719400 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 06:15 . 2009-05-15 06:15 4397928 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((( [email protected]_06.02.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-10-12 04:26 . 2011-08-20 04:35 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-15 03:54 . 2011-11-05 04:34 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-15 03:54 . 2011-11-05 04:32 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2011-10-12 04:26 . 2011-08-20 04:32 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2011-10-12 04:26 . 2011-08-20 04:35 64512 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-12-15 03:54 . 2011-11-05 04:34 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-10-12 04:26 . 2011-08-20 04:38 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-15 03:54 . 2011-11-05 04:35 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-10-12 04:26 . 2011-08-20 04:35 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-12-15 03:54 . 2011-11-05 04:34 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-12-15 03:54 . 2011-11-05 04:34 48128 c:\windows\SysWOW64\jsproxy.dll
- 2011-10-12 04:26 . 2011-08-20 04:35 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2009-07-14 04:54 . 2011-12-15 17:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-15 06:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-15 06:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-15 17:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-15 17:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-15 06:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-05 18:23 . 2011-12-15 16:55 61612 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-12-14 20:55 42402 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-15 16:55 42402 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-14 19:54 . 2011-12-15 16:55 11112 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3354869186-130629379-3507963822-1001_UserData.bin
+ 2011-12-15 03:54 . 2011-11-05 05:23 97280 c:\windows\system32\mshtmled.dll
- 2011-10-12 04:26 . 2011-08-20 05:41 97280 c:\windows\system32\mshtmled.dll
- 2011-10-12 04:26 . 2011-08-20 05:37 12288 c:\windows\system32\msfeedssync.exe
+ 2011-12-15 03:54 . 2011-11-05 05:19 12288 c:\windows\system32\msfeedssync.exe
+ 2011-12-15 03:54 . 2011-11-05 05:23 82944 c:\windows\system32\msfeedsbs.dll
- 2011-10-12 04:26 . 2011-08-20 05:41 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-12-15 03:54 . 2011-11-05 05:26 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2011-10-12 04:26 . 2011-08-20 05:45 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-12-15 03:54 . 2011-11-05 05:23 57856 c:\windows\system32\licmgr10.dll
- 2011-10-12 04:26 . 2011-08-20 05:41 57856 c:\windows\system32\licmgr10.dll
+ 2011-12-15 03:54 . 2011-11-05 05:22 64512 c:\windows\system32\jsproxy.dll
- 2011-10-12 04:26 . 2011-08-20 05:41 64512 c:\windows\system32\jsproxy.dll
+ 2011-12-15 03:54 . 2011-10-26 05:19 43520 c:\windows\system32\csrsrv.dll
- 2009-07-13 23:19 . 2009-07-14 01:40 43520 c:\windows\system32\csrsrv.dll
+ 2010-12-27 03:02 . 2011-12-15 16:53 51851 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat
+ 2010-12-14 21:35 . 2011-12-15 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-14 21:35 . 2011-11-29 21:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-15 07:06 . 2011-12-15 16:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-15 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-29 21:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-14 19:56 . 2011-12-15 06:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-14 19:56 . 2011-12-15 17:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-12-15 16:55 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-12-14 19:56 . 2011-12-15 06:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-14 19:56 . 2011-12-15 17:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-14 19:56 . 2011-12-15 17:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-14 19:56 . 2011-12-15 06:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-14 19:56 . 2011-12-15 17:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-14 19:56 . 2011-12-15 05:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-14 19:56 . 2011-12-15 17:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-14 19:56 . 2011-12-15 05:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-14 22:53 . 2011-12-15 07:09 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-12-14 22:53 . 2011-12-15 07:09 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-12-14 22:53 . 2011-12-15 07:09 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-15 03:54 . 2011-11-05 04:30 2048 c:\windows\SysWOW64\tzres.dll
- 2011-08-24 05:00 . 2011-07-09 04:30 2048 c:\windows\SysWOW64\tzres.dll
- 2011-08-24 05:00 . 2011-07-09 05:14 2048 c:\windows\system32\tzres.dll
+ 2011-12-15 03:54 . 2011-11-05 05:17 2048 c:\windows\system32\tzres.dll
+ 2011-12-15 17:34 . 2011-12-15 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-15 06:02 . 2011-12-15 06:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-15 17:34 . 2011-12-15 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-15 06:02 . 2011-12-15 06:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-12 04:26 . 2011-08-20 04:38 981504 c:\windows\SysWOW64\wininet.dll
+ 2011-12-15 03:54 . 2011-11-05 04:35 981504 c:\windows\SysWOW64\wininet.dll
+ 2011-12-15 03:54 . 2011-11-05 04:35 132096 c:\windows\SysWOW64\url.dll
- 2011-10-12 04:26 . 2011-08-20 04:38 132096 c:\windows\SysWOW64\url.dll
+ 2011-12-15 03:54 . 2011-11-05 04:34 606208 c:\windows\SysWOW64\mstime.dll
- 2011-10-12 04:26 . 2011-08-20 04:36 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-12-15 03:54 . 2011-11-05 04:34 599552 c:\windows\SysWOW64\msfeeds.dll
- 2011-10-12 04:26 . 2011-08-20 04:35 599552 c:\windows\SysWOW64\msfeeds.dll
- 2011-10-12 04:26 . 2011-08-20 04:35 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-12-15 03:54 . 2011-11-11 05:50 176640 c:\windows\SysWOW64\ieui.dll
- 2011-10-12 04:26 . 2011-08-20 04:35 185856 c:\windows\SysWOW64\iepeers.dll
+ 2011-12-15 03:54 . 2011-11-05 04:34 185856 c:\windows\SysWOW64\iepeers.dll
+ 2011-12-15 03:54 . 2011-11-05 04:33 381440 c:\windows\SysWOW64\iedkcs32.dll
- 2011-10-12 04:26 . 2011-08-20 04:34 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-12-15 03:54 . 2011-10-15 05:48 534528 c:\windows\SysWOW64\EncDec.dll
- 2011-03-09 10:24 . 2010-12-23 05:28 534528 c:\windows\SysWOW64\EncDec.dll
+ 2011-12-15 03:54 . 2011-11-05 05:26 134144 c:\windows\system32\url.dll
- 2011-10-12 04:26 . 2011-08-20 05:44 134144 c:\windows\system32\url.dll
- 2011-10-12 04:26 . 2011-08-20 05:41 703488 c:\windows\system32\msfeeds.dll
+ 2011-12-15 03:54 . 2011-11-05 05:23 703488 c:\windows\system32\msfeeds.dll
+ 2011-12-15 03:54 . 2011-11-11 06:41 247808 c:\windows\system32\ieui.dll
- 2011-10-12 04:26 . 2011-08-20 05:40 247808 c:\windows\system32\ieui.dll
- 2011-10-12 04:26 . 2011-08-20 05:40 256000 c:\windows\system32\iepeers.dll
+ 2011-12-15 03:54 . 2011-11-05 05:22 256000 c:\windows\system32\iepeers.dll
- 2011-10-12 04:26 . 2011-08-20 05:40 445952 c:\windows\system32\iedkcs32.dll
+ 2011-12-15 03:54 . 2011-11-05 05:22 445952 c:\windows\system32\iedkcs32.dll
+ 2011-12-15 03:54 . 2011-10-15 06:25 723456 c:\windows\system32\EncDec.dll
- 2009-07-14 05:01 . 2011-12-15 06:01 534672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-15 17:33 534672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-14 22:53 . 2011-12-15 07:09 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-12-14 22:53 . 2011-12-15 07:09 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-12-14 22:53 . 2011-12-15 07:09 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-12-14 22:53 . 2011-12-15 07:09 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-12-14 22:53 . 2011-12-15 07:09 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2010-12-14 22:53 . 2011-12-15 07:09 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-04 08:04 . 2008-11-04 08:04 498072 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MORPH9.DLL
+ 2011-12-15 07:09 . 2011-12-15 07:09 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2011-12-15 03:54 . 2011-11-05 04:35 1230336 c:\windows\SysWOW64\urlmon.dll
- 2011-10-12 04:26 . 2011-08-20 04:38 1230336 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-15 03:54 . 2011-11-05 04:34 5997568 c:\windows\SysWOW64\mshtml.dll
- 2011-10-12 04:26 . 2011-08-20 04:35 2072576 c:\windows\SysWOW64\iertutil.dll
+ 2011-12-15 03:54 . 2011-11-05 04:34 2072576 c:\windows\SysWOW64\iertutil.dll
- 2011-10-12 04:26 . 2011-08-20 05:45 1197568 c:\windows\system32\wininet.dll
+ 2011-12-15 03:54 . 2011-11-05 05:26 1197568 c:\windows\system32\wininet.dll
+ 2011-12-15 03:54 . 2011-11-24 05:00 3141632 c:\windows\system32\win32k.sys
- 2011-10-12 04:26 . 2011-08-20 05:44 1501184 c:\windows\system32\urlmon.dll
+ 2011-12-15 03:54 . 2011-11-05 05:26 1501184 c:\windows\system32\urlmon.dll
- 2011-10-12 04:26 . 2011-08-20 05:42 1026560 c:\windows\system32\mstime.dll
+ 2011-12-15 03:54 . 2011-11-05 05:23 1026560 c:\windows\system32\mstime.dll
+ 2011-12-15 03:54 . 2011-11-05 05:23 9332736 c:\windows\system32\mshtml.dll
- 2011-10-12 04:26 . 2011-08-20 05:40 2458624 c:\windows\system32\iertutil.dll
+ 2011-12-15 03:54 . 2011-11-05 05:22 2458624 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2011-12-15 16:53 5294648 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2011-11-10 00:18 5294648 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-12-15 16:55 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-12-08 12:54 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-01 21:34 . 2011-11-01 21:34 4250112 c:\windows\Installer\3b99a5.msp
+ 2011-11-01 21:34 . 2011-11-01 21:34 2247168 c:\windows\Installer\3b9980.msp
+ 2011-11-12 00:14 . 2011-11-12 00:14 9096192 c:\windows\Installer\3b996c.msp
+ 2011-11-01 21:34 . 2011-11-01 21:34 4225536 c:\windows\Installer\3b9958.msp
+ 2011-11-01 21:34 . 2011-11-01 21:34 2531840 c:\windows\Installer\3b993f.msp
+ 2011-11-12 00:15 . 2011-11-12 00:15 1795584 c:\windows\Installer\3b992b.msp
+ 2011-11-12 00:16 . 2011-11-12 00:16 8458240 c:\windows\Installer\3b9917.msp
- 2010-12-14 22:53 . 2011-10-12 10:01 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-12-14 22:53 . 2011-12-15 07:09 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-12-14 22:53 . 2011-10-12 10:01 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-12-14 22:53 . 2011-12-15 07:09 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 05:44 . 2009-04-03 05:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\GRAPH.EXE
- 2011-10-12 04:26 . 2011-08-20 04:35 10990080 c:\windows\SysWOW64\ieframe.dll
+ 2011-12-15 03:54 . 2011-11-11 05:50 10990080 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 02:34 . 2011-12-15 03:52 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-12-15 17:07 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-12-14 21:18 . 2011-12-15 07:08 54867776 c:\windows\system32\MRT.exe
+ 2011-12-15 03:54 . 2011-11-11 06:41 12370944 c:\windows\system32\ieframe.dll
- 2011-10-12 04:26 . 2011-08-20 05:40 12370944 c:\windows\system32\ieframe.dll
+ 2011-01-04 01:57 . 2011-12-15 17:33 44404884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3354869186-130629379-3507963822-1001-8192.dat
- 2011-01-04 01:57 . 2011-12-15 06:01 44404884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3354869186-130629379-3507963822-1001-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-04 14944136]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-26 39408]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"Facebook Update"="c:\users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-05 137536]
"AdobeUpdater6"="c:\program files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-08 2521464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2011-02-08 63360]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"AddressBookReminderApp"="c:\program files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe" [2009-08-31 144672]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-25 1315592]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
- c:\users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 18:47]
.
2011-12-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
- c:\users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 18:47]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 19:57]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 19:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1424896]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"combofix"="c:\combo-fix\CF20723.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:71,03,ea,f7,a1,12,49,52,79,36,dd,41,c5,09,43,4d,d6,e8,a2,fe,f4,
50,52,6b,8f,1b,fd,b3,2e,89,7f,f2,a9,dd,da,06,8f,8a,c7,91,39,e6,b7,d7,82,3c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Motive\McciContextHookShim.exe
.
**************************************************************************
.
Completion time: 2011-12-15 09:39:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 17:39
ComboFix2.txt 2011-12-15 06:06
.
Pre-Run: 838,881,198,080 bytes free
Post-Run: 838,355,320,832 bytes free
.
- - End Of File - - 8FE7CB9C482C0F6DA4744A3DD75181D7

#39
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

I could not for the life of me Disable MSE.


Have you already tried these steps here?

Also are the redirects still evident?

#40
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
I did try those steps. There is nothing called "Microsoft Security Essentials" in the program list.

The redirects are not still evident.


#41
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Have you tried with FixIt from that site?

#42
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
I ran the "fix it" program. Not sure if anything happened; do you want me to run ComboFix again?

#43
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No. Please do the following:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#44
om20

    Member

  • Topic Starter
  • Member
  • 50 posts
I cannot find the "attach.txt" file once I closed it, so I can't attach it.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Enrique at 10:29:16 on 2011-12-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6130 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Users\Enrique\AppData\Local\thn.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [Facebook Update] "C:\Users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: $talisma_url$
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DC411A11-3342-46A9-9EF4-906B6B494DDB} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll
BHO-X64: Canon Easy Web Print Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Enrique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-29 42184]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-7-28 203392]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-5-11 517632]
R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2011-5-11 315392]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-4-17 5716848]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-24 1315592]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
.exe=qD3
.
=============== Created Last 30 ================
.
2011-12-17 10:33:03 54272 ----a-w- C:\Windows\System32\trz6E1F.tmp
2011-12-17 10:32:47 325632 ----a-w- C:\Users\Enrique\AppData\Local\thn.exe
2011-12-16 04:45:36 946 ----a-w- C:\FixitRegBackup.reg
2011-12-15 17:35:03 -------- d-----w- C:\$RECYCLE.BIN
2011-12-15 05:55:25 98816 ----a-w- C:\Windows\sed.exe
2011-12-15 05:55:25 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-15 05:55:25 256000 ----a-w- C:\Windows\PEV.exe
2011-12-15 05:55:25 208896 ----a-w- C:\Windows\MBR.exe
2011-12-14 17:20:05 -------- d-----w- C:\_OTL
2011-12-13 15:51:50 -------- d-----w- C:\Users\Enrique\AppData\Local\{8ED9C195-311B-437E-AA85-0BB046F352AC}
2011-12-13 15:51:38 -------- d-----w- C:\Users\Enrique\AppData\Local\{9D1EE98A-C69D-4ED2-AA81-33588B64F136}
2011-12-12 22:48:12 -------- d-----w- C:\Users\Enrique\AppData\Local\{3160580E-E4A6-40AA-85F1-D4C9758DB65F}
2011-12-12 22:47:59 -------- d-----w- C:\Users\Enrique\AppData\Local\{B16CE6D1-DA6D-4A08-B8E8-042800392BE6}
2011-12-12 16:19:40 -------- d-----w- C:\Users\Enrique\AppData\Local\{32F10E2E-41FA-4E77-AF4C-4A701811EFC8}
2011-12-12 16:19:27 -------- d-----w- C:\Users\Enrique\AppData\Local\{C2407592-3EA6-4E7B-9044-647DCF682CD0}
2011-12-12 01:43:20 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-12-11 21:12:53 -------- d-----w- C:\Users\Enrique\AppData\Local\{D4E8C539-65E0-4C7D-A4D9-B8F54C198A63}
2011-12-11 21:12:31 -------- d-----w- C:\Users\Enrique\AppData\Local\{051B2991-AABE-452A-9634-50DE1A668D4F}
2011-12-11 16:17:20 -------- d-----w- C:\Users\Enrique\AppData\Local\{DCDAFF2D-DE03-45A0-A063-A6433CAA122B}
2011-12-11 16:17:05 -------- d-----w- C:\Users\Enrique\AppData\Local\{1E366661-E865-4716-ABEE-5804E9DD3D6E}
2011-12-11 09:00:05 -------- d-----w- C:\Users\Enrique\AppData\Local\{56E0CAA8-1081-45AD-84B0-2B1F7EE6442A}
2011-12-11 08:59:43 -------- d-----w- C:\Users\Enrique\AppData\Local\{AA523640-6424-448A-A99B-7D0CFDCFD57A}
2011-12-10 16:32:09 -------- d-----w- C:\Users\Enrique\AppData\Local\{84D142E9-FAC3-4942-81DD-6145675D6D0A}
2011-12-10 16:31:53 -------- d-----w- C:\Users\Enrique\AppData\Local\{D67981F3-C854-43E2-9E7E-CB7F6A482B42}
2011-12-09 14:06:19 -------- d-----w- C:\Users\Enrique\AppData\Local\{5F25FD9B-1330-4006-883A-A9BAA4840687}
2011-12-09 14:05:56 -------- d-----w- C:\Users\Enrique\AppData\Local\{E61B8A0A-B382-478B-92B8-A01730697BAB}
2011-12-08 13:22:30 -------- d-----w- C:\Users\Enrique\AppData\Local\{87723472-7B75-44C5-B525-6B4AA742A882}
2011-12-08 13:22:07 -------- d-----w- C:\Users\Enrique\AppData\Local\{738FFA6C-8CF9-4302-BAE8-DDAC25722459}
2011-12-05 23:38:33 -------- d-----w- C:\Users\Enrique\AppData\Local\{228D960C-4877-4E83-BE77-7E9AF61D0560}
2011-12-05 23:38:20 -------- d-----w- C:\Users\Enrique\AppData\Local\{244C1C39-E1F3-49FD-8694-871462D54F62}
2011-12-05 06:03:34 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-12-05 06:03:27 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-12-05 06:03:06 254464 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp083.dll
2011-12-05 06:03:03 134144 ----a-w- C:\Windows\System32\hpf3l083.dll
2011-12-05 06:02:48 -------- d-----w- C:\Program Files (x86)\HP
2011-12-05 06:02:04 966656 ----a-w- C:\Windows\System32\hposwia_p02b.dll
2011-12-05 06:02:04 512512 ----a-w- C:\Windows\System32\hposc_p02a.dll
2011-12-05 06:02:04 362328 ----a-w- C:\Windows\System32\HPZIDS40.dll
2011-12-05 06:02:04 1411584 ----a-w- C:\Windows\System32\hpost_p02b.dll
2011-12-05 05:56:37 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2011-12-03 21:50:52 -------- d-----w- C:\Users\Enrique\AppData\Local\{0C9321DE-84E1-4422-B9C6-1C60E3AEDBE3}
2011-12-03 21:50:39 -------- d-----w- C:\Users\Enrique\AppData\Local\{2B00978A-71E6-4420-84FA-1938B38C9782}
2011-12-01 02:10:13 -------- d-----w- C:\Users\Enrique\AppData\Local\{1C39BB25-F156-4BB0-9755-27CEA325221D}
2011-12-01 02:09:59 -------- d-----w- C:\Users\Enrique\AppData\Local\{2C92D726-1B87-472E-88A5-FBBCB952F3E3}
2011-11-28 06:18:12 -------- d-----w- C:\Users\Enrique\AppData\Local\{EE265590-8213-4598-BC67-C003E7A92809}
2011-11-28 06:17:56 -------- d-----w- C:\Users\Enrique\AppData\Local\{1E2865E7-CD72-40A4-83EB-799D824F43A4}
.
==================== Find3M ====================
.
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-26 13:24:26 44 ---h--w- C:\Program Files (x86)\d11a7636.tmp
2009-05-15 06:15:24 5719400 ----a-w- C:\Program Files\Common Files\adlmint_libFNP.dll
2009-05-15 06:15:24 4397928 ----a-w- C:\Program Files\Common Files\adlmint.dll
.
============= FINISH: 10:30:14.62 ===============
  • 0

#45
om20

om20

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Oh wait, I think I figured it out.

Attached Files


  • 0