redirect in google chrome searches on windows 7

#1 Weeping Fig (Member, 12 posts)
I have my searches redirected in Google Chrome.

My virus scans find Exploit:Java/Blacole (many of these) and some trojan redirectors.

Edited by Weeping Fig, 03 November 2011 - 11:09 AM.

#2 azarl (GeekU Admin, Administrator, 25,176 posts)
OK, let's see if we can help you

»Firstly... «

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

»Next... «

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
If it asks you whether to download Avast click "No"
Click the "Scan" button to start scan

On completion of the scan click save log...

... save it to your desktop and post in your next reply
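As an added example (not code from OTL, Geeks to Go, or anyone in this thread), here is a Python triage pass over OTL-style log lines of the kind azarl asks for above: it flags binaries under the Windows directory with no company name, orphaned Run entries, Winlogon Shell/UserInit values that do not point at the stock executables, and a Chrome default search provider outside a known-good list. The sample lines, the hostnames and the known-good list are constructed assumptions, modelled on the log format, not the user's full log.

```python
"""Triage pass over OTL-style log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Assumed known-good search hosts; anything else is reported so the helper can
# decide whether it is an installed toolbar or the redirect being complained about.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# PRC/MOD/SRV/DRV entries: "[meta] (Company) [svc state] -- path -- (svcname)"
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\) "
    r"(?:\[[^\]]*\] )?-- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
# O4 autorun entries: "O4 - HKLM..\Run: [name] path (Company)" or "... File not found"
RUN_RE = re.compile(r"^O4(?::64bit:)? - \S+\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# O20 Winlogon values: "O20 - HKLM Winlogon: Shell - (data) -path (Company)"
WINLOGON_RE = re.compile(
    r"^O20(?::64bit:)? - HKLM Winlogon: (?P<value>Shell|UserInit) - \([^)]*\) -\s*"
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
SEARCH_RE = re.compile(r"^CHR - default_search_provider: search_url = (?P<url>\S+)")

# What the two Winlogon values launch on a clean Windows 7 system.
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = look at this first, "low" = clean-up item
    reason: str
    line: str


def in_windows_dir(path: str) -> bool:
    return "\\windows\\" in path.lower()


def triage_line(line: str) -> List[Finding]:
    """Return the findings for one OTL log line (empty list if nothing stands out)."""
    line = line.rstrip()
    if line == "Hosts file not found":
        return [Finding("low", "hosts file missing; confirm a cleaner removed it", line)]

    m = ENTRY_RE.match(line)
    if m:
        if not m["company"].strip() and in_windows_dir(m["path"]):
            return [Finding("high", "binary in Windows directory with no company name; verify its hash", line)]
        return []

    m = RUN_RE.match(line)
    if m:
        if m["rest"].endswith("File not found"):
            return [Finding("low", f"orphaned autorun [{m['name']}]; remove the dead entry", line)]
        if m["rest"].endswith("()"):
            return [Finding("high", f"autorun [{m['name']}] launches a file with no company name", line)]
        return []

    m = WINLOGON_RE.match(line)
    if m:
        expected = EXPECTED_WINLOGON[m["value"]]
        filename = m["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if filename != expected or not in_windows_dir(m["path"]) or not (m["company"] or "").strip():
            return [Finding("high", f"Winlogon {m['value']} does not point at the stock {expected}", line)]
        return []

    m = SEARCH_RE.match(line)
    if m:
        host = urlparse(m["url"]).hostname or ""
        if host not in KNOWN_SEARCH_HOSTS:
            return [Finding("high", f"Chrome default search provider is {host}; matches the redirect symptom", line)]
    return []


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log, high-severity findings first (stable order otherwise)."""
    found = [f for ln in log_text.splitlines() for f in triage_line(ln)]
    return sorted(found, key=lambda f: f.severity != "high")


# Constructed sample in the OTL format (paths, host and the Temp entry are made up).
SAMPLE_LOG = r"""
PRC - [2010/01/21 02:40:59 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Users\example\AppData\Local\Temp\userinit.exe ()
CHR - default_search_provider: search_url = http://search.example.invalid/?q={searchTerms}
Hosts file not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

A "high" finding is a prompt to verify (hash lookup, file properties), not a verdict; a legitimate OEM utility with no embedded company name will show up the same way.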

#3 Weeping Fig (Topic Starter, Member, 12 posts)
Here are the two reports you requested.

OTL logfile created on: 11/3/2011 12:32:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\cheri\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 28.24% Memory free
7.36 Gb Paging File | 4.39 Gb Available in Paging File | 59.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 848.40 Gb Free Space | 93.61% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: cheri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/03 12:08:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\cheri\Downloads\OTL.exe
PRC - [2011/10/19 17:08:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\cheri\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/09/05 13:04:56 | 001,489,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/12 23:08:16 | 000,281,088 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
PRC - [2010/01/21 02:40:59 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
PRC - [2009/12/04 19:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/09/30 08:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/16 12:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe
PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 04:10:46 | 000,420,920 | ---- | M] () -- C:\Users\cheri\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 04:10:45 | 003,702,840 | ---- | M] () -- C:\Users\cheri\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 04:09:09 | 000,122,952 | ---- | M] () -- C:\Users\cheri\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 04:09:07 | 000,222,280 | ---- | M] () -- C:\Users\cheri\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 04:09:06 | 001,745,992 | ---- | M] () -- C:\Users\cheri\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/12 03:32:02 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/12 03:30:37 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/12 03:25:40 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/12 03:25:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 03:25:20 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/12 03:25:11 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 03:25:06 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 03:25:04 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/12 03:24:57 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/12 03:24:53 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 03:24:51 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 03:24:50 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 03:24:46 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/07/12 23:08:06 | 000,182,272 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll
MOD - [2010/07/12 23:07:58 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/01/21 02:40:59 | 000,040,960 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe
MOD - [2009/12/04 20:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 19:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2009/10/26 03:52:38 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\ustor.dll
MOD - [2009/07/16 12:20:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll
MOD - [2007/12/31 13:27:42 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\jmesoft\VistaVolume.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/07 12:20:20 | 001,742,600 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011/09/07 12:20:14 | 003,290,888 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 08:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 08:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/07 14:48:42 | 000,079,888 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV:64bit: - [2011/08/31 19:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/04 14:16:22 | 000,140,816 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/03/02 19:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/21 22:49:58 | 000,052,224 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ustor2k.sys -- (USTOR2K)
DRV:64bit: - [2010/01/06 22:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/09/25 19:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/21 17:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1781293699-4146636100-2836336633-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1781293699-4146636100-2836336633-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cheri\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cheri\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/24 14:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/24 14:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cheri\AppData\Roaming\Mozilla\Extensions
[2011/10/31 22:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cheri\AppData\Roaming\Mozilla\Firefox\Profiles\53cmgpga.default\extensions
[2011/11/02 10:52:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\cheri\AppData\Roaming\Mozilla\Firefox\Profiles\53cmgpga.default\extensions\[email protected]
[2011/11/02 10:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/02 10:46:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/03 02:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...pr&d=2011-10-31 22:40:56&v=8.0.0.34&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\cheri\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\cheri\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\cheri\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\cheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

Hosts file not found
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1781293699-4146636100-2836336633-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1781293699-4146636100-2836336633-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A6B2D5A-F884-4A01-BB20-BA1F8B82E0AD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 10:42:46 | 000,000,000 | ---D | C] -- C:\Users\cheri\Desktop\GooredFix Backups
[2011/11/02 10:37:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/02 09:50:59 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\Malwarebytes
[2011/11/02 09:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/02 09:50:49 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/10/31 23:04:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/10/31 22:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/10/31 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/31 22:13:34 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\Sammsoft
[2011/10/31 22:07:34 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Local\adaware
[2011/10/31 22:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/10/31 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/10/31 22:07:26 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/10/31 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/10/29 20:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/10/29 20:22:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/29 17:40:33 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2011/10/29 09:51:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/29 09:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/27 13:36:33 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\SpinTop Games
[2011/10/25 20:03:42 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\Orneon
[2011/10/25 18:20:45 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\Colibri Games
[2011/10/25 18:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Colibri Games
[2011/10/25 13:34:09 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shadow Wolf Mysteries - Curse of the Full Moon
[2011/10/25 11:57:40 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\ERS Game Studios
[2011/10/25 11:48:21 | 000,000,000 | ---D | C] -- C:\games
[2011/10/25 11:15:49 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/10/25 11:02:43 | 000,000,000 | ---D | C] -- C:\windows\system64
[2011/10/24 19:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2011/10/24 19:22:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/10/24 19:22:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/10/24 19:22:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/10/18 18:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/10/15 19:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
[2011/10/15 14:23:14 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Royal Envoy
[2011/10/14 21:47:17 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\Playrix Entertainment
[2011/10/12 03:00:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011/10/12 03:00:50 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/10/12 03:00:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/10/12 03:00:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011/10/12 03:00:48 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2011/10/12 03:00:48 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011/10/12 03:00:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011/10/12 03:00:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/10/12 03:00:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/10/11 22:33:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll
[2011/10/11 22:33:47 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll
[2011/10/11 22:33:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax
[2011/10/11 22:33:47 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax
[2011/10/11 22:33:23 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2011/10/11 22:33:23 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll
[2011/10/09 17:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2011/10/09 16:20:15 | 000,000,000 | ---D | C] -- C:\Users\cheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4 Elements II - Collectors Edition
[2011/10/09 16:19:54 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/10/09 03:41:17 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

========== Files - Modified Within 30 Days ==========

[2011/11/03 12:13:03 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781293699-4146636100-2836336633-1001UA.job
[2011/11/03 12:12:00 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781293699-4146636100-2836336633-1002UA.job
[2011/11/03 11:58:05 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/03 06:53:58 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/03 06:46:09 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 06:46:09 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 06:43:08 | 001,047,694 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/11/03 06:43:08 | 000,250,048 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/11/03 06:43:08 | 000,005,604 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/11/03 06:38:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/02 17:13:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781293699-4146636100-2836336633-1001Core.job
[2011/11/02 17:12:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781293699-4146636100-2836336633-1002Core.job
[2011/11/02 13:28:18 | 000,000,162 | -H-- | M] () -- C:\Users\cheri\Documents\~$meo&julietwordle.rtf
[2011/11/01 07:15:10 | 000,847,118 | ---- | M] () -- C:\Users\cheri\AppData\Local\census.cache
[2011/11/01 07:15:06 | 000,104,548 | ---- | M] () -- C:\Users\cheri\AppData\Local\ars.cache
[2011/10/29 20:48:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/29 09:52:29 | 000,000,036 | ---- | M] () -- C:\Users\cheri\AppData\Local\housecall.guid.cache
[2011/10/27 17:14:10 | 000,002,363 | ---- | M] () -- C:\Users\cheri\Desktop\Google Chrome.lnk
[2011/10/18 18:54:47 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/10/12 03:21:14 | 000,291,384 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/05 10:11:52 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2011/11/02 13:28:18 | 000,000,162 | -H-- | C] () -- C:\Users\cheri\Documents\~$meo&julietwordle.rtf
[2011/10/29 10:40:18 | 000,847,118 | ---- | C] () -- C:\Users\cheri\AppData\Local\census.cache
[2011/10/29 10:39:45 | 000,104,548 | ---- | C] () -- C:\Users\cheri\AppData\Local\ars.cache
[2011/10/29 09:52:29 | 000,000,036 | ---- | C] () -- C:\Users\cheri\AppData\Local\housecall.guid.cache
[2011/10/18 18:54:47 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/09/09 00:32:38 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/01/19 11:28:44 | 000,746,438 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/10/09 04:03:04 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2010/10/09 04:03:03 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2010/10/09 03:11:58 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll
[2010/10/09 03:11:58 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\UMonit.exe
[2010/10/09 03:11:57 | 000,001,393 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini
[2010/10/09 03:11:57 | 000,000,722 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini
[2009/07/26 17:07:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:943971F5
@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:14B2E0BD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5311B0B8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A4E7D25F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:FC2E567F

< End of report >


OTL Extras logfile created on: 11/3/2011 12:32:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\cheri\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 28.24% Memory free
7.36 Gb Paging File | 4.39 Gb Available in Paging File | 59.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 848.40 Gb Free Space | 93.61% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: cheri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1781293699-4146636100-2836336633-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.cheri] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3D5B54A-9792-404F-AE8B-BDA961EBA58E}" = PerfectDisk 12 Professional
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel® Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{42B21298-C850-4272-AFD9-636CBC005421}" = LXH-JME2207FN Hotkey Driver
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70ED7B6F-9CF5-4698-8CA7-A7B7B965A34D}" = Genesys USB Mass Storage Device
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{803E6DED-5050-4E3D-B26A-5915397362CD}" = Lenovo Screensaver
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitTorrent" = BitTorrent
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1781293699-4146636100-2836336633-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AddonChat" = AddonChat
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2011 8:20:12 PM | Computer Name = desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 8:30:28 PM | Computer Name = desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 8:40:40 PM | Computer Name = desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 8:40:46 PM | Computer Name = desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 8:42:29 PM | Computer Name = desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 8:45:02 PM | Computer Name = desktop | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: jvm.dll, version: 20.4.0.2, time stamp:
0x4e89b323 Exception code: 0xc0000005 Fault offset: 0x0005e4e2 Faulting process id:
0xfd4 Faulting application start time: 0x01cc967b91721b18 Faulting application path:
C:\windows\SysWOW64\ping.exe Faulting module path: C:\PROGRA~2\Java\jre6\bin\client\jvm.dll
Report
Id: 6679287b-0290-11e1-babf-4487fcf7892d

Error - 10/29/2011 8:49:06 PM | Computer Name = desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 8:54:53 PM | Computer Name = desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/30/2011 1:31:40 AM | Computer Name = desktop | Source = VSS | ID = 8194
Description =

Error - 10/30/2011 1:48:56 AM | Computer Name = desktop | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

[ System Events ]
Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The Server service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The Multimedia Class Scheduler service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 7/7/2011 4:02:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 7/7/2011 4:03:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056


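The Extras.txt above ends with the event log section, and it is worth a second look before any removal tool runs. The repeated CAPI2 4107 entries say the automatic root-certificate list update was rejected because a certificate was outside its validity period when checked against the system clock, so the clock and time sync deserve a check. The Application Error 1000 entry shows ping.exe, a Windows utility, faulting inside Java's jvm.dll, a module it has no reason to load. The System Events show eight services terminating at the same second, which points at one shared host process dying rather than eight independent failures. The Python below is an added example, not OTL output or a Geeks to Go tool: it parses this record layout and applies those three checks. The regexes assume the exact "Error - ... | Source = ... | ID = ..." header format shown above, and the embedded excerpt is shortened from the posted log.

```python
"""Triage the 'Last 10 Event Log Errors' section of an OTL Extras.txt.

Added example for this thread, not part of OTL. It expects the record layout
visible above: an 'Error - <time> | Computer Name = .. | Source = .. | ID = ..'
header, then a 'Description = ..' block wrapped over lines, closed by a blank line.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(
    r"^Error - (?P<time>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
APP_PATH_RE = re.compile(r"Faulting application path:\s*(\S+)")
MOD_PATH_RE = re.compile(r"Faulting module path:\s*(\S+)")
SERVICE_RE = re.compile(r"The (.+?) service terminated unexpectedly")

# Excerpt (shortened) from the Extras.txt posted above; not constructed data.
SAMPLE = r"""
[ Application Events ]
Error - 10/29/2011 8:20:12 PM | Computer Name = desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/29/2011 8:45:02 PM | Computer Name = desktop | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: jvm.dll, version: 20.4.0.2, time stamp:
0x4e89b323 Exception code: 0xc0000005 Fault offset: 0x0005e4e2 Faulting process id:
0xfd4 Faulting application start time: 0x01cc967b91721b18 Faulting application path:
C:\windows\SysWOW64\ping.exe Faulting module path: C:\PROGRA~2\Java\jre6\bin\client\jvm.dll

[ System Events ]
Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The Server service terminated unexpectedly. It has done this 1 time(s).

Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 7/7/2011 4:01:55 PM | Computer Name = desktop | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
"""


def parse_events(text):
    """Split OTL event records into dicts; wrapped Description lines are joined."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
        elif current is not None and not line:
            current = None                      # a blank line closes the record
        elif current is not None:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events


def is_under_windows(path):
    return "\\windows\\" in path.lower()


def triage(events):
    """Return (kind, detail) findings. These are triage hints, not verdicts."""
    findings, capi2, scm = [], 0, defaultdict(list)
    for ev in events:
        src, eid, desc = ev["source"], ev["id"], ev["description"]
        if src == "Microsoft-Windows-CAPI2" and eid == 4107 and "validity period" in desc:
            capi2 += 1
        elif src == "Application Error" and eid == 1000:
            app, mod = APP_PATH_RE.search(desc), MOD_PATH_RE.search(desc)
            # A binary shipped in %SystemRoot% faulting inside a module from
            # somewhere else is unusual and worth explaining.
            if app and mod and is_under_windows(app.group(1)) and not is_under_windows(mod.group(1)):
                findings.append(("foreign-module", f"{app.group(1)} faulted in {mod.group(1)}"))
        elif src == "Service Control Manager" and eid == 7031:
            m = SERVICE_RE.search(desc)
            scm[ev["time"]].append(m.group(1) if m else "?")
    if capi2:
        findings.append(("root-list-update-failed",
                         f"{capi2} CAPI2 4107 event(s): root list auto-update rejected on "
                         "certificate validity; verify the system clock and time sync"))
    for when, names in scm.items():
        if len(names) >= 3:   # several services dying in the same second share a host process
            findings.append(("mass-service-termination",
                             f"{len(names)} services died at {when}: {', '.join(names)}"))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for kind, detail in triage(parse_events(text)):
        print(f"[{kind}] {detail}")
```

Run it with the path to Extras.txt to triage a full log; without an argument it runs over the excerpt. The "foreign module" rule deliberately flags any out-of-tree module in a system binary, so expect to whitelist things like shell extensions before using it broadly.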

#4 Weeping Fig (Topic Starter, Member, 12 posts)
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-03 13:04:55
-----------------------------
13:04:55.974 OS Version: Windows x64 6.1.7601 Service Pack 1
13:04:55.974 Number of processors: 4 586 0x2505
13:04:55.974 ComputerName: DESKTOP UserName: cheri
13:04:59.853 Initialize success
13:05:14.393 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:05:14.403 Disk 0 Vendor: ST31000528AS CC67 Size: 953869MB BusType: 3
13:05:16.403 Disk 0 MBR read successfully
13:05:16.403 Disk 0 MBR scan
13:05:16.403 Disk 0 Windows 7 default MBR code
13:05:16.403 Service scanning
13:05:17.043 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:05:17.633 Modules scanning
13:05:17.633 Disk 0 trace - called modules:
13:05:17.633 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:05:17.633 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b81060]
13:05:17.643 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004923520]
13:05:17.643 5 ACPI.sys[fffff88000f5b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800490d060]
13:05:17.643 Scan finished successfully
13:05:46.503 Disk 0 MBR has been saved successfully to "C:\Users\cheri\Desktop\MBR.dat"
13:05:46.573 The log file has been saved successfully to "C:\Users\cheri\Desktop\aswMBR.txt"
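aswMBR reports "Windows 7 default MBR code" and writes the raw sector it read to MBR.dat. The Python below is an added example, not part of aswMBR: a small parser for that 512-byte sector that hashes the bootstrap code, decodes the partition table and runs structural sanity checks (boot signature, at most one active partition, valid status bytes, no overlapping entries). It assumes MBR.dat is exactly the 512-byte sector 0, which you should confirm from the file size. The sample sector is constructed, with filler bytes standing in for boot code, so the hash it prints is not a reference value for real Windows 7 code; compare the hash of a real MBR.dat against sector 0 of a known-clean machine running the same Windows version. Two caveats: a clean sector says nothing about the unpartitioned space before the first partition, and a rootkit that filters disk reads can hand any user-mode tool a clean sector, which is why aswMBR also records the driver stack it read through (the "called modules" trace above).

```python
"""Structural checks on a 512-byte MBR sector such as the MBR.dat aswMBR saves.

Added example for this thread, not part of aswMBR. It assumes the input is
the raw 512-byte sector 0 (an assumption: check the file size first).
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440      # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440       # 4-byte NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA


def parse_mbr(data):
    """Decode boot-code hash, disk signature and the partition table."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs0, ptype, _chs1, lba, count = struct.unpack("<B3sB3sII", data[off:off + 16])
        if ptype == 0:
            continue                                  # empty slot
        parts.append({"index": i, "status": status, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": struct.unpack("<I", data[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "boot_signature_ok": data[BOOT_SIG_OFF:] == b"\x55\xaa",
        "partitions": parts,
    }


def check_mbr(mbr):
    """Return a list of structural problems; an empty list means nothing odd."""
    issues = []
    if not mbr["boot_signature_ok"]:
        issues.append("boot signature is not 55 AA")
    parts = mbr["partitions"]
    if len([p for p in parts if p["status"] == 0x80]) > 1:
        issues.append("more than one partition is marked active")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            issues.append(f"entry {p['index']}: zero start or length")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"entries {a['index']} and {b['index']} overlap")
    return issues


def build_sample_mbr():
    """Constructed sample: filler bytes in place of real boot code, plus a
    typical two-partition Windows 7 layout (active 100 MB system partition
    at LBA 2048, then the OS partition). Sizes are made up."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_END] = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 55   # 440 filler bytes
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1A2B3C4D)
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1953316864)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(data)
    print("boot code sha256:", info["boot_code_sha256"])
    print("disk signature:  ", f"0x{info['disk_signature']:08x}")
    for p in info["partitions"]:
        print(f"  entry {p['index']}: status 0x{p['status']:02x} type 0x{p['type']:02x} "
              f"start {p['lba_start']} sectors {p['sectors']}")
    print("issues:", check_mbr(info) or "none")
```

Pass the path to MBR.dat as the only argument; with no argument the script parses its own constructed sample.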

#5 azarl (GeekU Admin, Administrator, 25,176 posts)
Is this just with Chrome or any browser?

#6 Weeping Fig (Topic Starter, Member, 12 posts)
I tried using IE and got the same results. That was after my original post. I haven't tried any others.

#7 azarl (GeekU Admin, Administrator, 25,176 posts)
ComboFix

Notes:
  • If you have a previous version of Combofix.exe, delete it and download a fresh copy.
  • It must be saved to your desktop, do not run it
  • Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See http://www.bleepingc...opic114351.html



Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

#8 Weeping Fig (Topic Starter, Member, 12 posts)
ComboFix 11-11-04.01 - cheri 11/04/2011 7:21:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1194 [GMT -4:00]
Running from: C:\Users\cheri\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Default\AppData\Roaming\DPInst.exe
C:\Users\Default\AppData\Roaming\gacutil.exe
C:\Users\Default\AppData\Roaming\PnPutil.exe
C:\windows\system32\consrv.dll
C:\windows\System64


((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))


2011-11-03 12:27:56 . 2011-10-07 01:16:04 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2C12C74-A0DC-40E0-839C-1068A5387CF4}\mpengine.dll
2011-11-02 14:37:02 . 2011-11-02 14:37:02 -------- d-----w- C:\_OTM
2011-11-02 13:50:59 . 2011-11-02 13:50:59 -------- d-----w- C:\Users\cheri\AppData\Roaming\Malwarebytes
2011-11-02 13:50:51 . 2011-11-02 13:50:51 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-02 13:50:49 . 2011-08-31 21:00:50 25416 ----a-w- C:\windows\system32\drivers\mbam.sys
2011-11-01 03:04:18 . 2011-11-01 03:04:18 -------- d-----w- C:\$AVG
2011-11-01 02:40:53 . 2011-11-02 14:52:31 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2011-11-01 02:40:27 . 2011-11-02 14:52:27 -------- d-----w- C:\ProgramData\AVG2012
2011-11-01 02:13:34 . 2011-11-01 02:13:34 -------- d-----w- C:\Users\cheri\AppData\Roaming\Sammsoft
2011-11-01 02:07:34 . 2011-11-01 02:07:35 -------- d-----w- C:\Users\cheri\AppData\Local\adaware
2011-11-01 02:07:33 . 2011-11-02 14:52:27 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2011-11-01 02:07:32 . 2011-11-02 14:52:28 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2011-11-01 02:07:26 . 2011-11-01 11:04:56 -------- dc----w- C:\windows\system32\DRVSTORE
2011-11-01 02:07:22 . 2011-11-01 11:04:58 -------- d-----w- C:\ProgramData\Lavasoft
2011-10-30 00:23:01 . 2011-11-02 14:45:44 -------- d-----w- C:\Program Files (x86)\Apple Software Update
2011-10-29 21:40:33 . 2011-11-02 14:47:04 -------- d-----w- C:\windows\system32\Macromed
2011-10-29 13:51:36 . 2011-10-29 13:51:36 -------- d--h--w- C:\ProgramData\Common Files
2011-10-29 13:49:55 . 2011-11-02 14:52:43 -------- d-----w- C:\ProgramData\MFAData
2011-10-27 17:36:33 . 2011-11-02 14:46:34 -------- d-----w- C:\Users\cheri\AppData\Roaming\SpinTop Games
2011-10-26 00:03:42 . 2011-10-26 00:03:42 -------- d-----w- C:\Users\cheri\AppData\Roaming\Orneon
2011-10-25 22:20:45 . 2011-10-25 22:20:45 -------- d-----w- C:\Users\cheri\AppData\Roaming\Colibri Games
2011-10-25 22:20:45 . 2011-10-25 22:20:45 -------- d-----w- C:\ProgramData\Colibri Games
2011-10-25 15:57:40 . 2011-11-02 14:46:34 -------- d-----w- C:\Users\cheri\AppData\Roaming\ERS Game Studios
2011-10-25 15:48:21 . 2011-11-02 12:17:45 -------- d-----w- C:\games
2011-10-25 15:15:49 . 2011-10-25 15:15:49 -------- d-----w- C:\windows\Sun
2011-10-24 23:32:14 . 2011-11-02 14:52:43 -------- d-----w- C:\ProgramData\Intel
2011-10-15 01:47:17 . 2011-10-15 01:47:17 -------- d-----w- C:\Users\cheri\AppData\Roaming\Playrix Entertainment
2011-10-12 02:33:48 . 2011-09-06 03:03:17 3138048 ----a-w- C:\windows\system32\win32k.sys
2011-10-12 02:33:47 . 2011-08-17 05:26:46 613888 ----a-w- C:\windows\system32\psisdecd.dll
2011-10-12 02:33:47 . 2011-08-17 05:25:08 108032 ----a-w- C:\windows\system32\psisrndr.ax
2011-10-12 02:33:47 . 2011-08-17 04:24:12 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-10-12 02:33:47 . 2011-08-17 04:19:27 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-10-12 02:33:23 . 2011-08-27 05:37:49 861696 ----a-w- C:\windows\system32\oleaut32.dll
2011-10-12 02:33:23 . 2011-08-27 05:37:48 331776 ----a-w- C:\windows\system32\oleacc.dll
2011-10-12 02:33:23 . 2011-08-27 04:26:27 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-10-12 02:33:23 . 2011-08-27 04:26:27 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-10-11 12:48:15 . 2011-10-11 12:48:06 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82D9F652-FC0D-442D-9664-45EFF53A0641}\gapaengine.dll
2011-10-09 21:08:57 . 2011-10-21 13:11:59 -------- d-----w- C:\ProgramData\Playrix Entertainment
2011-10-09 20:19:54 . 2011-10-09 20:19:54 -------- d-----w- C:\Downloads
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-30 00:48:30 . 2011-09-28 19:03:25 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 01:16:04 . 2011-01-20 16:21:59 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 09:06:03 . 2011-01-19 11:15:46 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-09-10 18:51:33 . 2011-09-10 18:51:43 525544 ----a-w- C:\windows\system32\deployJava1.dll
2011-09-07 18:48:42 . 2011-09-07 18:48:42 79888 ----a-w- C:\windows\system32\drivers\PDFsFilter.sys
2011-09-07 16:20:18 . 2011-09-07 16:20:18 268552 ----a-w- C:\windows\system32\PDBoot.exe
2011-09-01 00:08:50 . 2011-09-01 00:08:50 167704 ----a-w- C:\windows\system32\igfxtray.exe
2011-09-01 00:08:48 . 2011-09-01 00:08:48 510232 ----a-w- C:\windows\system32\igfxsrvc.exe
2011-09-01 00:08:44 . 2011-09-01 00:08:44 416024 ----a-w- C:\windows\system32\igfxpers.exe
2011-09-01 00:08:42 . 2011-09-01 00:08:42 239896 ----a-w- C:\windows\system32\igfxext.exe
2011-09-01 00:08:34 . 2011-09-01 00:08:34 392472 ----a-w- C:\windows\system32\hkcmd.exe
2011-09-01 00:08:24 . 2011-09-01 00:08:24 4378392 ----a-w- C:\windows\system32\GfxUI.exe
2011-09-01 00:08:22 . 2011-09-01 00:08:22 179992 ----a-w- C:\windows\system32\difx64.exe
2011-08-31 23:58:50 . 2011-08-31 23:58:50 90112 ----a-w- C:\windows\system32\igfxCoIn_v2509.dll
2011-08-31 23:53:22 . 2011-08-31 23:53:22 12306848 ----a-w- C:\windows\system32\drivers\igdkmd64.sys
2011-08-31 23:53:20 . 2011-08-31 23:53:20 8312320 ----a-w- C:\windows\system32\igdumd64.dll
2011-08-31 23:51:16 . 2011-08-31 23:51:16 867020 ----a-w- C:\windows\system32\igkrng575.bin
2011-08-31 23:51:16 . 2011-08-31 23:51:16 128204 ----a-w- C:\windows\system32\igcompkrng575.bin
2011-08-31 23:51:16 . 2011-08-31 23:51:16 105608 ----a-w- C:\windows\system32\igfcg575m.bin
2011-08-31 23:47:42 . 2010-08-26 00:31:30 6322688 ----a-w- C:\windows\SysWow64\igdumd32.dll
2011-08-31 23:45:02 . 2010-08-26 00:28:22 581120 ----a-w- C:\windows\SysWow64\igdumdx32.dll
2011-08-31 23:42:42 . 2010-08-26 00:26:32 14598656 ----a-w- C:\windows\system32\igd10umd64.dll
2011-08-31 23:37:18 . 2011-08-31 23:37:18 12340224 ----a-w- C:\windows\SysWow64\igd10umd32.dll
2011-08-31 23:31:14 . 2011-08-31 23:31:14 18641408 ----a-w- C:\windows\system32\ig4icd64.dll
2011-08-31 23:26:20 . 2011-08-31 23:26:20 13903872 ----a-w- C:\windows\SysWow64\ig4icd32.dll
2011-08-31 23:22:36 . 2011-08-31 23:22:36 286720 ----a-w- C:\windows\system32\igfxrrom.lrc
2011-08-31 23:22:34 . 2011-08-31 23:22:34 286720 ----a-w- C:\windows\system32\igfxrsky.lrc
2011-08-31 23:22:34 . 2011-08-31 23:22:34 286720 ----a-w- C:\windows\system32\igfxrhrv.lrc
2011-08-31 23:22:34 . 2011-08-31 23:22:34 286208 ----a-w- C:\windows\system32\igfxrtrk.lrc
2011-08-31 23:22:34 . 2011-08-31 23:22:34 286208 ----a-w- C:\windows\system32\igfxrslv.lrc
2011-08-31 23:22:32 . 2011-08-31 23:22:32 287232 ----a-w- C:\windows\system32\igfxresn.lrc
2011-08-31 23:22:32 . 2011-08-31 23:22:32 286208 ----a-w- C:\windows\system32\igfxrsve.lrc
2011-08-31 23:22:32 . 2011-08-31 23:22:32 285696 ----a-w- C:\windows\system32\igfxrtha.lrc
2011-08-31 23:22:30 . 2011-08-31 23:22:30 286720 ----a-w- C:\windows\system32\igfxrrus.lrc
2011-08-31 23:22:30 . 2011-08-31 23:22:30 286720 ----a-w- C:\windows\system32\igfxrptg.lrc
2011-08-31 23:22:28 . 2011-08-31 23:22:28 286720 ----a-w- C:\windows\system32\igfxrplk.lrc
2011-08-31 23:22:28 . 2011-08-31 23:22:28 286208 ----a-w- C:\windows\system32\igfxrptb.lrc
2011-08-31 23:22:28 . 2011-08-31 23:22:28 286208 ----a-w- C:\windows\system32\igfxrnor.lrc
2011-08-31 23:22:28 . 2011-08-31 23:22:28 283136 ----a-w- C:\windows\system32\igfxrkor.lrc
2011-08-31 23:22:26 . 2011-08-31 23:22:26 286720 ----a-w- C:\windows\system32\igfxrita.lrc
2011-08-31 23:22:26 . 2011-08-31 23:22:26 283648 ----a-w- C:\windows\system32\igfxrjpn.lrc
2011-08-31 23:22:24 . 2011-08-31 23:22:24 287232 ----a-w- C:\windows\system32\igfxrell.lrc
2011-08-31 23:22:24 . 2011-08-31 23:22:24 286720 ----a-w- C:\windows\system32\igfxrdeu.lrc
2011-08-31 23:22:24 . 2011-08-31 23:22:24 286208 ----a-w- C:\windows\system32\igfxrhun.lrc
2011-08-31 23:22:24 . 2011-08-31 23:22:24 285184 ----a-w- C:\windows\system32\igfxrheb.lrc
2011-08-31 23:22:22 . 2011-08-31 23:22:22 287232 ----a-w- C:\windows\system32\igfxrfra.lrc
2011-08-31 23:22:22 . 2011-08-31 23:22:22 286720 ----a-w- C:\windows\system32\igfxrnld.lrc
2011-08-31 23:22:22 . 2011-08-31 23:22:22 286208 ----a-w- C:\windows\system32\igfxrfin.lrc
2011-08-31 23:22:20 . 2011-08-31 23:22:20 286720 ----a-w- C:\windows\system32\igfxrcsy.lrc
2011-08-31 23:22:20 . 2011-08-31 23:22:20 285696 ----a-w- C:\windows\system32\igfxrdan.lrc
2011-08-31 23:22:20 . 2011-08-31 23:22:20 282624 ----a-w- C:\windows\system32\igfxrcht.lrc
2011-08-31 23:22:18 . 2011-08-31 23:22:18 285184 ----a-w- C:\windows\system32\igfxrara.lrc
2011-08-31 23:22:18 . 2011-08-31 23:22:18 282624 ----a-w- C:\windows\system32\igfxrchs.lrc
2011-08-31 23:22:16 . 2011-08-31 23:22:16 126976 ----a-w- C:\windows\system32\igfxcpl.cpl
2011-08-31 23:21:50 . 2011-08-31 23:21:50 375808 ----a-w- C:\windows\system32\igfxpph.dll
2011-08-31 23:21:46 . 2011-08-31 23:21:46 378368 ----a-w- C:\windows\system32\igfxTMM.dll
2011-08-31 23:21:40 . 2011-08-31 23:21:40 28672 ----a-w- C:\windows\system32\igfxexps.dll
2011-08-31 23:21:26 . 2010-08-26 00:04:28 62464 ----a-w- C:\windows\system32\igfxsrvc.dll
2011-08-31 23:20:58 . 2010-08-26 00:04:00 110080 ----a-w- C:\windows\system32\hccutils.dll
2011-08-31 23:20:50 . 2011-08-31 23:20:50 4096 ----a-w- C:\windows\system32\IGFXDEVLib.dll
2011-08-31 23:20:50 . 2011-08-31 23:20:50 146432 ----a-w- C:\windows\system32\gfxSrvc.dll
2011-08-31 23:20:48 . 2011-08-31 23:20:48 390144 ----a-w- C:\windows\system32\igfxdev.dll
2011-08-31 23:20:14 . 2011-08-31 23:20:14 285696 ----a-w- C:\windows\system32\igfxrenu.lrc
2011-08-31 23:20:08 . 2011-08-31 23:20:08 142336 ----a-w- C:\windows\system32\igfxdo.dll
2011-08-31 23:20:08 . 2010-08-26 00:03:18 9014784 ----a-w- C:\windows\system32\igfxress.dll
2011-08-31 23:16:32 . 2011-08-31 23:16:32 24576 ----a-w- C:\windows\SysWow64\igfxexps32.dll
2011-08-31 23:15:46 . 2011-08-31 23:15:46 294400 ----a-w- C:\windows\SysWow64\igfxdv32.dll
2011-08-31 23:13:52 . 2011-08-31 23:13:52 98304 ----a-w- C:\windows\SysWow64\iglhcp32.dll
2011-08-31 23:13:52 . 2011-08-31 23:13:52 98304 ----a-w- C:\windows\system32\iglhcp64.dll
2011-08-31 23:13:52 . 2011-08-31 23:13:52 94208 ----a-w- C:\windows\system32\IccLibDll_x64.dll
2011-08-31 23:13:52 . 2011-08-31 23:13:52 376832 ----a-w- C:\windows\SysWow64\iglhsip32.dll
2011-08-31 23:13:52 . 2011-08-31 23:13:52 376832 ----a-w- C:\windows\system32\iglhsip64.dll
2011-08-31 23:13:52 . 2011-08-31 23:13:52 162816 ----a-w- C:\windows\SysWow64\igfxcmrt32.dll
2011-08-31 23:13:52 . 2011-08-31 23:13:52 140288 ----a-w- C:\windows\system32\igfxcmrt64.dll
2011-08-12 04:10:01 . 2011-08-23 01:59:10 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 15:17:48 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="C:\Program Files (x86)\jmesoft\hotkey.exe" [2009-07-16 16:05:10 114688]
"Lenovo Dynamic Brightness System"="C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-07-13 03:08:16 281088]
"SetDefaultSCR"="C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2009-12-31 00:56:42 102400]
"CLMLServer"="C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 23:59:28 103720]
"UpdateP2GoShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 05:16:16 222504]
"UpdatePRCShortCut"="C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 23:38:24 222504]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 16:55:28 937920]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 17:06:06 254696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 21:00:46 2232752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 21:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 22:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:24:00 136176]
R3 dc3d;MS Hardware Device Detection Driver (USB);C:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:24:00 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 21:21:18 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 05:34:24 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\windows\system32\DRIVERS\point64.sys [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 16:55:28 64952]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 19:23:26 821664]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 21:00:52 393648]
S2 PDFSFilter;PDFSFilter;C:\windows\system32\DRIVERS\PDFsFilter.sys [x]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 09:45:44 508264]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 12:02:50 2320920]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 09:45:56 219496]
S3 USTOR2K;USB Mass Storage Windows Driver;C:\windows\system32\DRIVERS\ustor2k.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys [x]


Contents of the 'Scheduled Tasks' folder

2011-11-04 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:24:07 . 2011-05-03 14:24:00]

2011-11-04 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:24:07 . 2011-05-03 14:24:00]

2011-11-03 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781293699-4146636100-2836336633-1001Core.job
- C:\Users\cheri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-23 18:10:55 . 2011-01-23 18:10:55]

2011-11-04 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781293699-4146636100-2836336633-1001UA.job
- C:\Users\cheri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-23 18:10:55 . 2011-01-23 18:10:55]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10:47:10 10060832]
"UMonit"="C:\windows\SysWOW64\UMonit.exe" [2010-01-21 06:40:59 40960]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 18:35:24 1436736]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 19:59:06 2417032]
"EKIJ5000StatusMonitor"="C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 21:53:44 2922496]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2011-09-01 00:08:50 167704]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2011-09-01 00:08:34 392472]
"Persistence"="C:\windows\system32\igfxpers.exe" [2011-09-01 00:08:44 416024]
"combofix"="C:\ComboFix\CF13623.3XE" [2010-11-20 13:24:33 345088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
uLocal Page = C:\windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - C:\Users\cheri\AppData\Roaming\Mozilla\Firefox\Profiles\53cmgpga.default\

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Conime - C:\windows\system32\conime.exe
Toolbar-Locked - (no file)
AddRemove-AddonChat - C:\windows\system32\javaws.exe
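Two items in the ComboFix log above deserve a second look even though the fix already removed them: three executables deleted from C:\Users\Default\AppData\Roaming (the Default profile is the template copied into every newly created account, so nothing should be launching from it), and a deleted C:\windows\System64 directory, a name that does not exist in a stock Windows installation, which has only System32 and SysWOW64. The Python below is an added example, not part of ComboFix: it pulls every path from the Run keys, the service list, the scheduled tasks and the deletions list, and flags those two patterns plus any binary launched from a user-writable location. The embedded excerpt is taken from the log above; the line patterns assume ComboFix's layout as shown; and the flags are triage hints, not verdicts (the per-user Google Update tasks are flagged here and are legitimate).

```python
"""Path audit for a ComboFix log: autoruns, services, scheduled tasks and the
'Other Deletions' list, flagged by where the binary lives.

Added example for this thread, not part of ComboFix. Line shapes match the
log posted above; flags are triage hints, not verdicts.
"""
import re

RUN_RE = re.compile(r'^"[^"]+"="([^"]+)"')                          # "name"="path" [date size]
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(.+?)(?:\s+\[|$)")  # R2 name;display;path [..]
TASK_RE = re.compile(r"^- (.+?)\s+\[")                              # - path [date . date]
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S")                         # deletion-list entries

# Excerpt from the ComboFix.txt posted above (verbatim lines, not constructed).
SAMPLE = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Default\AppData\Roaming\DPInst.exe
C:\Users\Default\AppData\Roaming\gacutil.exe
C:\Users\Default\AppData\Roaming\PnPutil.exe
C:\windows\system32\consrv.dll
C:\windows\System64

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 15:17:48 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="C:\Program Files (x86)\jmesoft\hotkey.exe" [2009-07-16 16:05:10 114688]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 17:06:06 254696]

R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:24:00 136176]
R3 dc3d;MS Hardware Device Detection Driver (USB);C:\windows\system32\DRIVERS\dc3d.sys [x]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 19:23:26 821664]

2011-11-04 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:24:07 . 2011-05-03 14:24:00]

2011-11-03 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781293699-4146636100-2836336633-1001Core.job
- C:\Users\cheri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-23 18:10:55 . 2011-01-23 18:10:55]

2011-11-04 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781293699-4146636100-2836336633-1001UA.job
- C:\Users\cheri\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-23 18:10:55 . 2011-01-23 18:10:55]
"""


def classify(path):
    """Return the reasons a path is worth a second look (empty list = none)."""
    p = path.lower()
    reasons = []
    if "\\users\\default\\" in p:
        reasons.append("inside the Default profile, which is copied into every new account")
    elif re.search(r"\\appdata\\|\\programdata\\|\\temp\\|\\downloads\\", p):
        reasons.append("user-writable location")
    if re.search(r"\\windows\\system64(\\|$)", p):
        reasons.append("System64 is not a Windows directory (only System32 and SysWOW64 exist)")
    return reasons


def extract_paths(text):
    """Yield (kind, path) for every log line that names a binary or deleted object."""
    matchers = (("run", RUN_RE), ("service", SERVICE_RE), ("task", TASK_RE), ("deleted", BARE_PATH_RE))
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in matchers:
            m = rx.match(line)
            if m:
                yield kind, (m.group(1) if m.groups() else line)
                break


def audit(text):
    """Return (kind, path, reason) triples for every flagged path."""
    return [(kind, path, r) for kind, path in extract_paths(text) for r in classify(path)]


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for kind, path, reason in audit(text):
        print(f"[{kind}] {path}: {reason}")
```

Pass the path to ComboFix.txt to audit a full log; with no argument the script runs over the excerpt. The Default-profile rule fires before the generic user-writable rule so that each path is reported once with the more specific reason.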

#9 azarl (GeekU Admin, Administrator, 25,176 posts)
How does it seem now?

#10 Weeping Fig (Topic Starter, Member, 12 posts)
It seems okay. The searches I did this morning were not redirected to another site. When I've "cleaned" the computer before, it would be okay for a bit then it would start back with the redirects. Did this take it away entirely?


#11 azarl (GeekU Admin, Administrator, 25,176 posts)

It seems okay. The searches I did this morning were not redirected to another site. When I've "cleaned" the computer before, it would be okay for a bit then it would start back with the redirects. Did this take it away entirely?

Hopefully. What you had is fairly insidious, but I can't see any sign of it now. With this type of infection, that doesn't mean we've got it all.

» Step 1 «
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

» Step 2 «
ESET Scanner
Please run a free online scan with the ESET Online Scanner
Note: Use Internet Explorer for this scan. (If you need to use Firefox or Opera, click on the download icon to download the ESET Installer and save to your desktop. When the download is complete double-click on the icon on the desktop.)
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#12
Weeping Fig

Weeping Fig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
malware log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8090

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/5/2011 9:55:11 AM
mbam-log-2011-11-05 (09-55-11).txt

Scan type: Quick scan
Objects scanned: 191520
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\cheri\AppData\Local\Temp\Addons\4677EA9C\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\Users\cheri\downloads\downloadsetup (37).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
  • 0
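As an added example (not part of this thread and not Malwarebytes' own tooling), the following Python parser turns an MBAM 1.x text log like the one posted above into structured records and cross-checks it: the per-section header counts against the items actually listed, any item whose action is not "Quarantined", and PUP-class hits, which are unwanted software rather than an exploit. The sample log, its placeholder paths and the "No action taken" line are constructed for the example; only the detection names come from the posted log.

```python
import re
from dataclasses import dataclass

# Constructed sample in the MBAM 1.x log layout (paths are placeholders,
# detection names taken from the log posted above).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Registry Keys Infected: 0
Files Infected: 2

Files Infected:
c:\Users\example\AppData\Local\Temp\Addons\0000\zugo.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\Users\example\downloads\setup (1).exe (Affiliate.Downloader) -> No action taken.
"""

@dataclass
class Detection:
    section: str   # e.g. "Files Infected"
    item: str      # path, registry location or process
    name: str      # MBAM detection name, e.g. "PUP.Zugo"
    action: str    # what MBAM did with the item

# Summary line: "<Section> Infected: <count>"; detail line: "<item> (<name>) -> <action>."
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
DETAIL_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts by section, list of Detection) from an MBAM 1.x log."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("section")] = int(m.group("n"))
        elif line.endswith(" Infected:"):       # start of a detail section
            section = line[:-1]
        elif section and line and line != "(No malicious items detected)":
            m = DETAIL_RE.match(line)
            if m:
                detections.append(Detection(section, *m.group("item", "name", "action")))
    return counts, detections

def triage(counts, detections):
    """Cross-check header counts against listed items and flag what was not quarantined."""
    listed = {}
    for d in detections:
        listed[d.section] = listed.get(d.section, 0) + 1
    mismatched = [s for s, n in counts.items() if n != listed.get(s, 0)]
    unresolved = [d.item for d in detections if not d.action.startswith("Quarantined")]
    pups = [d.item for d in detections if d.name.startswith("PUP.")]
    return {"mismatched_sections": mismatched, "unresolved": unresolved, "pup_only": pups}
```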

#13
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,176 posts
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Looking Good
  • 0

#14
Weeping Fig

Weeping Fig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
k, I will do that when the ESET scan finishes. 48 minutes in so far and 12 threats found!!!
  • 0

#15
Weeping Fig

Weeping Fig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The ESET scan finished, 12 threats quarantined. I closed the window and tried to retrieve the log. There is nothing in the ESET folder. Should I run it again?
  • 0
