Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

smitfraud svchost.exe Need removal help! [Closed]

Started by uhhhhelp , Feb 26 2012 06:49 PM

  • This topic is locked This topic is locked

#1
uhhhhelp
Posted 26 February 2012 - 06:49 PM

uhhhhelp

    New Member

  • Member
  • Pip
  • 8 posts
Hello and thank you in advance for your much needed help!

I have been trying to get rid of this 'smitfraud' for a few days now. I tried to do system restore, but the restore points before Feb. 2nd didn't exist (so I'm assuming that is when I got the virus). I can run my symantec without any problems popping up but spybot shows something called smitfraud. It says it is a svchost.exe file and says it is 'fixed' but if I run another scan directly after that it still pops up. When I do google searches and try to click on the results it redirects me to a different site every time.

Your expertise will be much appreciated!

OTL logfile created on: 2/26/2012 19:41:20 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Alisa\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.86 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 29.18% Memory free
11.73 Gb Paging File | 7.59 Gb Available in Paging File | 64.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 355.44 Gb Free Space | 78.80% Space Free | Partition Type: NTFS

Computer Name: ALISA-STUDIO15 | User Name: Alisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - File not found --
PRC - File not found --
PRC - File not found --
PRC - File not found --
PRC - File not found --
PRC - File not found --
PRC - [2012/02/26 19:11:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/25 15:48:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Alisa\Desktop\OTL.com
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 10:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 17:55:12 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/08/17 21:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/07/08 19:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/09/28 04:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/26 19:11:25 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/24 06:16:03 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/24 06:16:02 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\966a138f3aed60400472ac415bd16bc8\IAStorUtil.ni.dll
MOD - [2012/02/24 06:10:59 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e0dbdfca9d4a65b1189481a168295866\System.Web.Services.ni.dll
MOD - [2012/02/24 06:10:57 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
MOD - [2012/02/24 06:10:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/24 06:10:18 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/24 06:10:10 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/24 06:09:54 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/24 06:09:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/24 06:09:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/24 06:09:40 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/01/27 08:42:58 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/12 02:33:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/07/21 10:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/07/21 10:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/21 10:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/21 10:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/21 10:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/21 10:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/21 10:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/21 10:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 13:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 13:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 13:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 13:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 13:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/12/15 21:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/07/22 08:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/31 15:10:49 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/06/01 22:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/09/21 15:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 15:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2009/09/21 15:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2011/12/19 21:23:34 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/19 21:23:21 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/03/15 20:29:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/26 09:39:45 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 17:37:56 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 16:22:16 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/23 16:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/09/28 04:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/19 21:23:22 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/07/04 15:36:12 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2011/05/31 14:20:28 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/06/01 22:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/01 21:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/09/17 17:37:52 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/15 11:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/08/25 19:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/25 19:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/08/25 19:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/24 11:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/24 14:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/23 12:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/04 19:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 08:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 18:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 12:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 13:31:34 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2007/06/08 07:06:36 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmdcap.sys -- (U6000ALL) HDTV110 TV Box(ALL)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/02/13 12:38:28 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120225.008\EX64.SYS -- (NAVEX15)
DRV - [2012/02/13 12:38:28 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/13 12:38:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120225.008\ENG64.SYS -- (NAVENG)
DRV - [2012/02/04 04:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/11/05 13:26:00 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/08/25 19:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 19:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 19:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.652
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alisa\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alisa\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/26 19:11:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/23 19:28:27 | 000,000,000 | ---D | M]

[2010/11/03 12:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alisa\AppData\Roaming\Mozilla\Extensions
[2012/02/23 19:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alisa\AppData\Roaming\Mozilla\Firefox\Profiles\b87njxjn.default\extensions
[2012/02/26 18:43:06 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Alisa\AppData\Roaming\Mozilla\Firefox\Profiles\b87njxjn.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/01/01 08:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/26 19:11:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/26 19:11:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/26 19:11:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/25 15:28:14 | 000,000,027 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [MusicManager] C:\Users\Alisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [SpybotDeletingA235] command.com /c del "C:\Windows\svchost.exe_old" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA9610] command.com /c del "C:\Windows\svchost.exe" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingC3332] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5159] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingB1901] command.com /c del "C:\Windows\svchost.exe" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB9399] command.com /c del "C:\Windows\svchost.exe_old" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingD3352] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD9993] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D03DA0E-E145-4F4E-8752-11D192DC43CE}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/31 15:00:39 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 19:31:26 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alisa\Desktop\tdsskiller.exe
[2012/02/26 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Alisa\Desktop\Calendar
[2012/02/25 17:41:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/25 16:39:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/25 15:48:19 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Alisa\Desktop\OTL.com
[2012/02/25 15:37:35 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Alisa\Desktop\aswMBR.exe
[2012/02/25 15:27:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/25 15:19:38 | 004,420,481 | R--- | C] (Swearware) -- C:\Users\Alisa\Desktop\ComboFix.exe
[2012/02/25 15:19:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/25 15:19:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/25 15:19:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/25 15:19:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/25 15:19:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/25 15:19:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/23 20:02:42 | 000,000,000 | ---D | C] -- C:\Users\Alisa\AppData\Roaming\SPE
[2012/02/23 09:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/23 09:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/23 09:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/23 07:47:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2012/02/26 19:44:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1275767207-880899964-467927538-1000UA.job
[2012/02/26 19:40:46 | 000,000,269 | ---- | M] () -- C:\Windows\wininit.ini
[2012/02/26 19:31:29 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alisa\Desktop\tdsskiller.exe
[2012/02/26 19:15:23 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 19:15:23 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 19:12:24 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/26 19:12:24 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/26 19:12:24 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/26 19:11:30 | 000,002,046 | ---- | M] () -- C:\Users\Alisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/26 18:03:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/26 18:03:16 | 427,167,743 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/25 15:48:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Alisa\Desktop\OTL.com
[2012/02/25 15:38:14 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Alisa\Desktop\aswMBR.exe
[2012/02/25 15:28:14 | 000,000,027 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/25 15:19:05 | 004,420,481 | R--- | M] (Swearware) -- C:\Users\Alisa\Desktop\ComboFix.exe
[2012/02/25 14:47:51 | 000,000,691 | ---- | M] () -- C:\Users\Alisa\AppData\Roaming\GetValue.vbs
[2012/02/25 14:47:51 | 000,000,035 | ---- | M] () -- C:\Users\Alisa\AppData\Roaming\SetValue.bat
[2012/02/24 06:08:15 | 005,086,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/23 20:29:01 | 700,379,214 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/23 19:37:10 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/06 19:46:50 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1275767207-880899964-467927538-1000Core.job

========== Files Created - No Company Name ==========

[2012/02/25 15:19:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/25 15:19:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/25 15:19:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/25 15:19:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/25 15:19:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/24 05:00:16 | 000,000,269 | ---- | C] () -- C:\Windows\wininit.ini
[2012/02/23 20:31:26 | 000,000,691 | ---- | C] () -- C:\Users\Alisa\AppData\Roaming\GetValue.vbs
[2012/02/23 20:31:26 | 000,000,035 | ---- | C] () -- C:\Users\Alisa\AppData\Roaming\SetValue.bat
[2012/02/23 20:12:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/02/23 19:37:10 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2011/11/30 21:04:08 | 000,005,632 | ---- | C] () -- C:\Users\Alisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/02 20:45:48 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/23 13:45:27 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/11/23 13:45:27 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/11/23 13:45:10 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/23 13:44:21 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/11/23 13:44:21 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/11/23 13:44:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/11/23 13:44:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2010/11/23 13:44:09 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2010/11/05 13:57:49 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2010/11/05 13:19:10 | 000,016,618 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2010/11/03 13:57:57 | 000,000,069 | ---- | C] () -- C:\Windows\iltwain.ini
[2010/10/26 11:22:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/26 09:55:39 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/09/21 17:43:05 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/05/21 09:04:44 | 000,000,000 | ---D | M] -- C:\Users\Alisa\AppData\Roaming\AppClient
[2011/06/02 21:05:30 | 000,000,000 | ---D | M] -- C:\Users\Alisa\AppData\Roaming\Autodesk
[2012/02/26 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\Alisa\AppData\Roaming\BitTorrent
[2010/12/22 00:10:40 | 000,000,000 | ---D | M] -- C:\Users\Alisa\AppData\Roaming\PCDr
[2012/02/23 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\Alisa\AppData\Roaming\SPE
[2011/01/30 10:18:25 | 000,000,000 | ---D | M] -- C:\Users\Alisa\AppData\Roaming\Ulead Systems
[2009/07/14 00:08:49 | 000,029,476 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
WhiteHat
Posted 04 March 2012 - 07:14 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello uhhhhelp and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
uhhhhelp
Posted 05 March 2012 - 05:43 PM

uhhhhelp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Great, thank you in advance for you help.
  • 0

#4
WhiteHat
Posted 07 March 2012 - 07:04 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for delay. At the moment, I'm waiting for an approval to my Proposed Fix.
  • 0

#5
WhiteHat
Posted 08 March 2012 - 09:48 AM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for delay,


# Step 1 #

Please go to: VirusTotal
Posted Image
  • Click the Choose File button and search for the following file (one by one):

    C:\Windows\SysWow64\cmd.exe

  • Click Open > Scan It!.
  • Please be patient while the file is scanned.
  • Copy and past the Link (URL) with the results.


# Step 2 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
[CREATERESTOREPOINT]


:OTL
O4 - HKLM..\RunOnce: [SpybotDeletingA235] command.com /c del "C:\Windows\svchost.exe_old" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA9610] command.com /c del "C:\Windows\svchost.exe" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingC3332] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5159] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingB1901] command.com /c del "C:\Windows\svchost.exe" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB9399] command.com /c del "C:\Windows\svchost.exe_old" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingD3352] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD9993] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
[2012/02/23 20:31:26 | 000,000,691 | ---- | C] () -- C:\Users\Alisa\AppData\Roaming\GetValue.vbs
[2012/02/23 20:31:26 | 000,000,035 | ---- | C] () -- C:\Users\Alisa\AppData\Roaming\SetValue.bat


:Files
C:\Windows\svchost.exe
C:\Windows\svchost.exe_old

:Commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 3 #

Please, run ComboFix.exe again and post the log generated.

PS: The log is located in C:\ComboFix.txt


# Step 4 #

Please, reopen aswMBR (C:\Users\Alisa\Desktop\aswMBR.exe).

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


# Step 5 #

Logs I want to see in your next reply:

  • VirusTotal URL.
  • OTL Fix log.
  • ComboFix log.
  • aswMBR log.
  • 0

#6
uhhhhelp
Posted 08 March 2012 - 08:33 PM

uhhhhelp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Virus Total: it said that the file had already been analysed today and allowed me to view the previous analyse (first time I've used this so something has to be wrong there). When I viewed those records this is what I got:

https://www.virustot...13cb9/analysis/
  • 0

#7
uhhhhelp
Posted 08 March 2012 - 09:46 PM

uhhhhelp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA235 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA9610 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC3332 not found.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC5159 not found.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1901 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9399 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3352 not found.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD9993 not found.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
C:\Users\Alisa\AppData\Roaming\GetValue.vbs moved successfully.
C:\Users\Alisa\AppData\Roaming\SetValue.bat moved successfully.
========== FILES ==========
C:\Windows\svchost.exe moved successfully.
File\Folder C:\Windows\svchost.exe_old not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Alisa
->Temp folder emptied: 17751389 bytes
->Temporary Internet Files folder emptied: 37271317 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49448323 bytes
->Flash cache emptied: 615 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15732954 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36049107 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 149.00 mb


[EMPTYFLASH]

User: Alisa
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 03082012_182940

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
C:\Users\Alisa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Alisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3P4KU84\index[1].htm not found!
File\Folder C:\Users\Alisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16GN02GT\index[1].htm not found!
C:\Users\Alisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_ALISA-STUDIO15$\4728 not found!
File\Folder C:\Windows\temp\fla840.tmp not found!
File\Folder C:\Windows\temp\flaA009.tmp not found!
File\Folder C:\Windows\temp\flaAB9E.tmp not found!
File\Folder C:\Windows\temp\flaABF8.tmp not found!
C:\Windows\temp\GoogleToolbarInstaller2.log moved successfully.

Registry entries deleted on Reboot...


Combo Fix:
ComboFix 12-03-08.04 - Alisa 03/08/2012 19:13:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6005.4066 [GMT -5:00]
Running from: c:\users\Alisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56N4T6NV\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 00:19 . 2012-03-09 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-25 21:39 . 2012-02-25 21:39 -------- d-----w- C:\_OTL
2012-02-24 01:18 . 2006-10-13 16:00 135168 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\swreg.exe
2012-02-24 01:18 . 2006-02-08 23:08 40960 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\getsts.exe
2012-02-24 01:18 . 2004-07-31 22:50 51200 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\dumphive.exe
2012-02-24 01:18 . 2003-12-23 04:48 61440 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\pv.exe
2012-02-24 01:18 . 2003-06-06 01:13 53248 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\Process.exe
2012-02-24 01:14 . 2012-03-08 08:17 -------- d-----w- c:\program files (x86)\RogueRemover
2012-02-24 01:02 . 2012-02-24 01:02 -------- d-----w- c:\users\Alisa\AppData\Roaming\SPE
2012-02-24 00:46 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-24 00:45 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-24 00:45 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-24 00:45 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-24 00:45 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-24 00:45 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-23 14:08 . 2012-02-23 14:08 -------- d-----w- c:\programdata\AVAST Software
2012-02-23 14:08 . 2012-02-23 14:08 -------- d-----w- c:\program files\AVAST Software
2012-02-23 12:47 . 2012-02-23 12:47 -------- d-----w- c:\windows\Sun
2012-02-23 12:42 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-23 12:42 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 01:14 . 2012-02-16 01:14 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C699.tmp
2012-02-16 01:14 . 2012-02-16 01:14 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C688.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 13:42 . 2011-05-21 11:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-20 02:23 . 2011-01-06 13:28 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-20 02:23 . 2011-01-06 13:28 34688 ----a-w- c:\windows\system32\LMIport.dll
2011-12-20 02:23 . 2011-01-06 13:28 80768 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-25_20.28.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-08 23:23 . 2012-03-08 23:23 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 66048 c:\windows\SysWOW64\icardie.dll
- 2010-11-03 15:55 . 2012-02-25 20:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-11-03 15:55 . 2012-03-09 00:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-24 00:43 . 2012-02-25 20:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-02-24 00:43 . 2012-02-24 00:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-03-08 23:43 . 2012-03-08 23:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012030820120309\index.dat
+ 2012-03-08 23:43 . 2012-03-08 23:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012022020120227\index.dat
+ 2012-02-24 00:35 . 2012-03-08 23:40 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-02-24 00:43 . 2012-03-08 23:59 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-10-26 14:58 . 2012-03-08 23:37 54548 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-08 23:37 32884 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-02 17:29 . 2012-03-08 23:37 12248 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1275767207-880899964-467927538-1000_UserData.bin
+ 2012-03-08 23:23 . 2012-03-08 23:23 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 65024 c:\windows\system32\pngfilt.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 48640 c:\windows\system32\mshtmler.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 96256 c:\windows\system32\mshtmled.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 12288 c:\windows\system32\mshta.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 10752 c:\windows\system32\msfeedssync.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-02-16 14:07 . 2012-02-23 02:04 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-02-16 14:07 . 2012-03-07 15:42 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-03-08 23:23 . 2012-03-08 23:23 30720 c:\windows\system32\licmgr10.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 85504 c:\windows\system32\jsproxy.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 49664 c:\windows\system32\imgutil.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 85504 c:\windows\system32\iesetup.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 39936 c:\windows\system32\iernonce.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 89088 c:\windows\system32\ie4uinit.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 82432 c:\windows\system32\icardie.dll
- 2010-11-02 14:29 . 2012-02-25 20:16 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-02 14:29 . 2012-03-08 23:41 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-02 14:29 . 2012-03-08 23:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-02 14:29 . 2012-02-25 20:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 23:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-25 20:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-02 15:37 . 2012-02-25 19:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-02 15:37 . 2012-03-08 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-03-08 23:38 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-02-16 13:09 . 2012-02-25 19:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-16 13:09 . 2012-03-08 23:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-16 13:09 . 2012-03-08 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-02-16 13:09 . 2012-02-25 19:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-02-16 13:09 . 2012-02-25 19:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-02-16 13:09 . 2012-03-08 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2010-11-02 15:37 . 2012-02-25 19:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-02 15:37 . 2012-03-08 23:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-02 15:37 . 2012-03-08 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-02 15:37 . 2012-02-25 19:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-03 17:10 . 2012-03-08 23:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-03 17:10 . 2012-02-25 19:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-03 17:10 . 2012-03-08 23:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-03 17:10 . 2012-02-25 19:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-08 23:35 . 2012-03-08 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-25 19:51 . 2012-02-25 19:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-08 23:35 . 2012-03-08 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-25 19:51 . 2012-02-25 19:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 23:23 . 2012-03-08 23:23 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 123392 c:\windows\SysWOW64\occache.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 580608 c:\windows\SysWOW64\msfeeds.dll
- 2012-01-11 19:07 . 2011-10-14 04:42 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-02-24 00:44 . 2011-12-16 07:58 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2009-07-14 04:54 . 2012-03-09 00:12 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-25 21:57 . 2012-02-25 21:57 245980 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT
+ 2012-03-08 23:23 . 2012-03-08 23:23 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 160256 c:\windows\system32\wextract.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 249344 c:\windows\system32\webcheck.dll
+ 2010-11-04 05:30 . 2012-03-07 15:42 336176 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-03-08 23:23 . 2012-03-08 23:23 603648 c:\windows\system32\vbscript.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-02-25 20:00 627316 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-08 23:42 627316 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-25 20:00 107600 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-08 23:42 107600 c:\windows\system32\perfc009.dat
+ 2012-03-08 23:23 . 2012-03-08 23:23 149504 c:\windows\system32\occache.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 197120 c:\windows\system32\msrating.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 697344 c:\windows\system32\msfeeds.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 818688 c:\windows\system32\jscript.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 103936 c:\windows\system32\inseng.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 165888 c:\windows\system32\iexpress.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 173056 c:\windows\system32\ieUnatt.exe
+ 2012-03-08 23:23 . 2012-03-08 23:23 248320 c:\windows\system32\ieui.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 111616 c:\windows\system32\iesysprep.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 145920 c:\windows\system32\iepeers.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 403248 c:\windows\system32\iedkcs32.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 267776 c:\windows\system32\ieaksie.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 160256 c:\windows\system32\ieakeng.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 282112 c:\windows\system32\dxtrans.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 452608 c:\windows\system32\dxtmsft.dll
+ 2009-07-14 05:38 . 2012-03-08 08:18 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2012-02-24 00:29 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:12 . 2012-03-08 23:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-02-25 19:52 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-08 23:23 . 2012-03-08 23:23 114176 c:\windows\system32\admparse.dll
+ 2010-11-02 15:37 . 2012-03-08 23:35 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-11-02 15:37 . 2012-02-25 19:52 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-02-24 19:27 551132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-08 23:34 551132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-08 23:23 . 2012-03-08 23:23 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2009-07-14 04:54 . 2012-03-09 00:12 4767744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-09 00:12 1802240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-08 23:23 . 2012-03-08 23:23 1390080 c:\windows\system32\wininet.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 1345536 c:\windows\system32\urlmon.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 2308096 c:\windows\system32\jscript9.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 2144256 c:\windows\system32\iertutil.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 3695416 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2012-03-08 23:37 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-02-24 11:11 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-08 23:23 . 2012-03-08 23:23 12282368 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-03-08 23:48 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-02-25 20:06 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-03-08 23:23 . 2012-03-08 23:23 17790464 c:\windows\system32\mshtml.dll
+ 2012-03-08 23:23 . 2012-03-08 23:23 10887168 c:\windows\system32\ieframe.dll
+ 2010-12-25 18:41 . 2012-02-25 22:45 22566276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1275767207-880899964-467927538-1000-8192.dat
- 2010-12-25 18:41 . 2012-02-24 19:27 22566276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1275767207-880899964-467927538-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-03 39408]
"AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe" [2007-04-04 970752]
"MusicManager"="c:\users\Alisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-01-11 13224448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Alisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 136176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 138360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-31 1030600]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\DRIVERS\dmdcap.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-20 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 17:27]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 17:27]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275767207-880899964-467927538-1000Core.job
- c:\users\Alisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 12:27]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275767207-880899964-467927538-1000UA.job
- c:\users\Alisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 12:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
FF - ProfilePath - c:\users\Alisa\AppData\Roaming\Mozilla\Firefox\Profiles\b87njxjn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-08 19:22:27
ComboFix-quarantined-files.txt 2012-03-09 00:22
ComboFix2.txt 2012-02-25 20:32
.
Pre-Run: 382,879,428,608 bytes free
Post-Run: 382,680,162,304 bytes free
.
- - End Of File - - 9E2B87C2B21D44AA5E868D72966EB85B


aswMBR:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-08 19:24:10
-----------------------------
19:24:10.941 OS Version: Windows x64 6.1.7600
19:24:10.942 Number of processors: 4 586 0x2505
19:24:10.943 ComputerName: ALISA-STUDIO15 UserName: Alisa
19:24:18.675 Initialize success
19:25:21.635 AVAST engine defs: 12030801
19:26:03.232 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:26:03.234 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
19:26:03.236 Device \Driver\iaStor -> MajorFunction fffffa8008db65c4
19:26:03.239 Disk 0 MBR read successfully
19:26:03.242 Disk 0 MBR scan
19:26:03.247 Disk 0 Windows VISTA default MBR code
19:26:03.262 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:26:03.277 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
19:26:03.289 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
19:26:03.315 Disk 0 scanning C:\Windows\system32\drivers
19:26:18.226 Service scanning
19:26:44.315 Modules scanning
19:26:44.315 Disk 0 trace - called modules:
19:26:44.331 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys >>UNKNOWN [0xfffffa8008db65c4]<<
19:26:44.331 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006af3060]
19:26:44.331 3 CLASSPNP.SYS[fffff88001aa143f] -> nt!IofCallDriver -> [0xfffffa8006965c40]
19:26:44.347 5 stdflt.sys[fffff880017b9a4a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80067ec050]
19:26:44.347 \Driver\iaStor[0xfffffa8006a10e70] -> IRP_MJ_CREATE -> 0xfffffa8008db65c4
19:26:49.370 AVAST engine scan C:\Windows
19:26:52.615 AVAST engine scan C:\Windows\system32
19:30:27.902 AVAST engine scan C:\Windows\system32\drivers
19:30:45.571 AVAST engine scan C:\Users\Alisa
19:38:24.608 AVAST engine scan C:\ProgramData
19:39:27.147 File: C:\ProgramData\Microsoft\Windows\DRM\C688.tmp **INFECTED** Win32:Malware-gen
19:39:27.185 File: C:\ProgramData\Microsoft\Windows\DRM\C699.tmp **INFECTED** Win32:Malware-gen
19:40:26.429 Scan finished successfully
19:44:36.578 Disk 0 MBR has been saved successfully to "C:\Users\Alisa\Desktop\MBR.dat"
19:44:36.582 The log file has been saved successfully to "C:\Users\Alisa\Desktop\aswMBR.txt"
  • 0

#8
WhiteHat
Posted 09 March 2012 - 03:02 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Close any open browsers.

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Go to Start > Run and write (Copy/Paste): Notepad.exe. Then click in Ok.
  • copy/paste the text in the quotebox below to notepad

    File::
    C:\ProgramData\Microsoft\Windows\DRM\C688.tmp
    c:\programdata\Microsoft\Windows\DRM\C699.tmp

  • Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

# Step 2 #

Run aswMBR again.

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#9
uhhhhelp
Posted 10 March 2012 - 08:48 AM

uhhhhelp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 12-03-10.01 - Alisa 03/10/2012 3:25.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6005.4188 [GMT -5:00]
Running from: c:\users\Alisa\Desktop\ComboFix.exe
Command switches used :: c:\users\Alisa\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\C688.tmp"
"c:\programdata\Microsoft\Windows\DRM\C699.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\C688.tmp
c:\programdata\Microsoft\Windows\DRM\C699.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 08:36 . 2012-03-10 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 08:18 . 2012-03-10 08:18 -------- d-----w- c:\users\Alisa\AppData\Local\Zoom_Downloader
2012-03-10 08:18 . 2012-03-10 08:19 -------- d-----w- c:\program files (x86)\Zoom Downloader
2012-02-25 21:39 . 2012-02-25 21:39 -------- d-----w- C:\_OTL
2012-02-24 01:18 . 2006-10-13 16:00 135168 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\swreg.exe
2012-02-24 01:18 . 2006-02-08 23:08 40960 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\getsts.exe
2012-02-24 01:18 . 2004-07-31 22:50 51200 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\dumphive.exe
2012-02-24 01:18 . 2003-12-23 04:48 61440 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\pv.exe
2012-02-24 01:18 . 2003-06-06 01:13 53248 ----a-w- c:\program files (x86)\Mozilla Firefox\smitRem\Process.exe
2012-02-24 01:14 . 2012-03-08 08:17 -------- d-----w- c:\program files (x86)\RogueRemover
2012-02-24 01:02 . 2012-02-24 01:02 -------- d-----w- c:\users\Alisa\AppData\Roaming\SPE
2012-02-24 00:46 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-24 00:45 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-24 00:45 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-24 00:45 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-24 00:45 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-24 00:45 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-23 14:08 . 2012-02-23 14:08 -------- d-----w- c:\programdata\AVAST Software
2012-02-23 14:08 . 2012-02-23 14:08 -------- d-----w- c:\program files\AVAST Software
2012-02-23 12:47 . 2012-02-23 12:47 -------- d-----w- c:\windows\Sun
2012-02-23 12:42 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-23 12:42 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 13:42 . 2011-05-21 11:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-20 02:23 . 2011-01-06 13:28 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-20 02:23 . 2011-01-06 13:28 34688 ----a-w- c:\windows\system32\LMIport.dll
2011-12-20 02:23 . 2011-01-06 13:28 80768 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-09_00.19.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-11-03 15:55 . 2012-03-09 00:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-11-03 15:55 . 2012-03-10 08:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-24 00:43 . 2012-03-09 00:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-02-24 00:43 . 2012-02-25 20:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-03-10 08:10 . 2012-03-10 08:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012031020120311\index.dat
+ 2012-02-24 00:43 . 2012-03-10 08:06 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-24 00:43 . 2012-03-08 23:59 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-07-14 05:10 . 2012-03-10 08:07 32892 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-02 17:29 . 2012-03-10 08:07 12316 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1275767207-880899964-467927538-1000_UserData.bin
+ 2012-02-16 14:07 . 2012-03-09 11:54 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2012-02-16 14:07 . 2012-03-07 15:42 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-11-02 14:29 . 2012-03-08 23:41 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-02 14:29 . 2012-03-10 08:18 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-02 14:29 . 2012-03-08 23:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-02 14:29 . 2012-03-10 08:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-10 08:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 23:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-02 15:37 . 2012-03-08 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-02 15:37 . 2012-03-10 08:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-03-09 08:33 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-02-16 13:09 . 2012-03-08 23:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-16 13:09 . 2012-03-10 08:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-16 13:09 . 2012-03-10 08:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-02-16 13:09 . 2012-03-08 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-02-16 13:09 . 2012-03-10 08:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-02-16 13:09 . 2012-03-08 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-11-02 15:37 . 2012-03-10 08:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-02 15:37 . 2012-03-08 23:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-02 15:37 . 2012-03-08 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-02 15:37 . 2012-03-10 08:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-08 23:35 . 2012-03-10 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-08 23:35 . 2012-03-08 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-08 23:35 . 2012-03-08 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 23:35 . 2012-03-10 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-03-10 08:23 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-09 00:12 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-04 05:30 . 2012-03-09 11:54 336392 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-08 23:42 627316 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-10 08:12 627316 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-10 08:12 107600 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-08 23:42 107600 c:\windows\system32\perfc009.dat
+ 2011-05-31 19:21 . 2011-07-15 21:35 225328 c:\windows\system32\drivers\wpshelper.sys
- 2011-05-31 19:21 . 2011-07-04 20:36 225328 c:\windows\system32\drivers\wpshelper.sys
+ 2009-07-14 05:38 . 2012-03-10 01:30 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2012-03-08 08:18 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:12 . 2012-03-09 09:41 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-03-08 23:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-11-02 15:37 . 2012-03-10 08:06 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-11-02 15:37 . 2012-03-08 23:35 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-03-10 08:23 4767744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-09 00:12 4767744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-10 08:23 5603328 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-03-08 23:48 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-10 08:22 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-03 39408]
"AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe" [2007-04-04 970752]
"MusicManager"="c:\users\Alisa\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-01-11 13224448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Zoom Downloader Uninstall"="rd" [X]
"Download Manager Data Uninstall"="rd" [X]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Alisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 136176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 138360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-31 1030600]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\DRIVERS\dmdcap.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-20 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 17:27]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 17:27]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275767207-880899964-467927538-1000Core.job
- c:\users\Alisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 12:27]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275767207-880899964-467927538-1000UA.job
- c:\users\Alisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 12:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
FF - ProfilePath - c:\users\Alisa\AppData\Roaming\Mozilla\Firefox\Profiles\b87njxjn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-10 04:04:24
ComboFix-quarantined-files.txt 2012-03-10 09:04
ComboFix2.txt 2012-03-09 00:22
ComboFix3.txt 2012-02-25 20:32
.
Pre-Run: 380,514,021,376 bytes free
Post-Run: 379,623,272,448 bytes free
.
- - End Of File - - DA520B9823885BFB3D9F50DB64D2DAF5



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-10 05:08:33
-----------------------------
05:08:33.718 OS Version: Windows x64 6.1.7600
05:08:33.718 Number of processors: 4 586 0x2505
05:08:33.718 ComputerName: ALISA-STUDIO15 UserName: Alisa
05:08:35.371 Initialize success
05:10:35.994 AVAST engine defs: 12031001
05:12:04.211 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:12:04.214 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
05:12:04.217 Device \Driver\iaStor -> MajorFunction fffffa8008e215c4
05:12:04.221 Disk 0 MBR read successfully
05:12:04.223 Disk 0 MBR scan
05:12:04.230 Disk 0 Windows VISTA default MBR code
05:12:04.235 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
05:12:04.257 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
05:12:04.277 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
05:12:04.315 Disk 0 scanning C:\Windows\system32\drivers
05:12:26.828 Service scanning
05:13:06.986 Modules scanning
05:13:06.996 Disk 0 trace - called modules:
05:13:07.005 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys >>UNKNOWN [0xfffffa8008e215c4]<<
05:13:07.012 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ae8060]
05:13:07.019 3 CLASSPNP.SYS[fffff88001b1943f] -> nt!IofCallDriver -> [0xfffffa8006983ce0]
05:13:07.026 5 stdflt.sys[fffff88001a64a4a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800685b050]
05:13:07.033 \Driver\iaStor[0xfffffa8006a12cf0] -> IRP_MJ_CREATE -> 0xfffffa8008e215c4
05:13:15.754 AVAST engine scan C:\Windows
05:13:18.094 Disk 0 MBR has been saved successfully to "C:\Users\Alisa\Desktop\MBR.dat"
05:13:18.108 The log file has been saved successfully to "C:\Users\Alisa\Desktop\aswMBR.txt"
05:13:22.986 AVAST engine scan C:\Windows\system32
05:20:45.617 AVAST engine scan C:\Windows\system32\drivers
05:21:11.996 AVAST engine scan C:\Users\Alisa
05:38:08.346 AVAST engine scan C:\ProgramData
05:41:32.237 Scan finished successfully
05:46:39.228 Disk 0 MBR has been saved successfully to "C:\Users\Alisa\Desktop\MBR.dat"
05:46:39.256 The log file has been saved successfully to "C:\Users\Alisa\Desktop\aswMBR.txt"
  • 0

#10
WhiteHat
Posted 11 March 2012 - 05:48 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
How is your computer?

Posted Image Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be
    prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#11
uhhhhelp
Posted 12 March 2012 - 06:07 AM

uhhhhelp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
After doing what is in the last post (it rebooted) I am still having all of the same problems with my computer. Mozilla is not working, Google is redirecting and Smitfraud still shows up in my Spybot and will 'delete' but is there if I scan again.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.11.12

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Alisa :: ALISA-STUDIO15 [administrator]

3/11/2012 17:47:56
mbam-log-2012-03-11 (17-47-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 452445
Time elapsed: 1 hour(s), 22 minute(s), 55 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4740 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Alisa\Downloads\AutoCAD 2010\AAC2010_Keygen-64bits.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
  • 0

#12
WhiteHat
Posted 13 March 2012 - 07:07 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
Posted Image
Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#13
NeonFx
Posted 17 March 2012 - 02:43 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP