I found a problem with my brother's computer. He had a virus that popped up one of those "Windows Recovery" windows and disallowed use of the Task Manager. A system restore was the only method that saved the computer from a reformat; however, I believe the virus is still there, because another side effect of the virus was that all of his files and programs were "hidden", and he cannot view them. For example, a music file he had in iTunes will still play, but when you look at the folder iTunes points at, nothing is there; right-clicking the folder shows an appropriate number of GB used, so they are there, simply hidden. A Malwarebytes scan and multiple ComboFix scans did nothing. Here is the ComboFix log if it would help:
ComboFix 11-06-03.04 - Daniel 06/06/2011 18:30:25.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.2249 [GMT -4:00]
Running from: E:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-06-06 22:33 . 2011-06-06 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-06 21:15 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68E02F69-097F-4510-84C4-9E92D4B2A167}\mpengine.dll
2011-06-06 02:48 . 2011-06-06 02:48 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2011-06-06 02:48 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-06 02:48 . 2011-06-06 02:48 -------- d-----w- c:\programdata\Malwarebytes
2011-06-06 02:48 . 2011-06-06 02:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-06 02:48 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 04:04 . 2011-05-28 04:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 12:56 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-18 18:58 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-18 18:58 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-13 02:08 . 2011-05-22 02:10 -------- d--h--w- c:\users\Daniel\AppData\Local\{0364A0D2-C681-47A5-A92E-966833A2004A}
2011-05-12 00:59 . 2011-05-12 00:59 0 ---ha-w- c:\users\Daniel\AppData\Local\BITA0A9.tmp
2011-05-11 02:48 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 02:48 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 02:48 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 02:48 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 02:48 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 02:48 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 02:48 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 02:48 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 02:48 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 00:24 . 2011-05-11 00:25 -------- d--h--w- c:\users\Daniel\AppData\Local\{A13E1AC2-C1EC-4E3B-BE96-3BDF8D1E999F}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 23:14 . 2009-12-26 19:53 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-04-18 08:17 . 2010-10-18 03:09 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-17 20:21 . 2010-11-05 20:26 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-17 20:20 . 2010-11-05 20:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-14 11:07 . 2011-04-14 11:07 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-14 11:07 . 2011-04-14 11:07 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-14 11:07 . 2011-04-14 11:07 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-14 11:07 . 2011-04-14 11:07 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-14 11:07 . 2011-04-14 11:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-14 11:07 . 2011-04-14 11:07 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-14 11:07 . 2011-04-14 11:07 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-14 11:07 . 2011-04-14 11:07 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-14 11:07 . 2011-04-14 11:07 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-14 11:07 . 2011-04-14 11:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-14 11:07 . 2011-04-14 11:07 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-14 11:07 . 2011-04-14 11:07 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-14 11:07 . 2011-04-14 11:07 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-14 11:07 . 2011-04-14 11:07 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-14 11:07 . 2011-04-14 11:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-14 11:07 . 2011-04-14 11:07 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-14 11:07 . 2011-04-14 11:07 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-14 11:07 . 2011-04-14 11:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-14 11:07 . 2011-04-14 11:07 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-14 11:07 . 2011-04-14 11:07 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-14 11:07 . 2011-04-14 11:07 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-14 11:07 . 2011-04-14 11:07 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-14 11:07 . 2011-04-14 11:07 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-14 11:07 . 2011-04-14 11:07 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-14 11:07 . 2011-04-14 11:07 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-14 11:07 . 2011-04-14 11:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-14 11:07 . 2011-04-14 11:07 448512 ----a-w- c:\windows\system32\html.iec
2011-04-14 11:07 . 2011-04-14 11:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 11:07 . 2011-04-14 11:07 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-14 11:07 . 2011-04-14 11:07 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-14 11:07 . 2011-04-14 11:07 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-14 11:07 . 2011-04-14 11:07 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-14 11:07 . 2011-04-14 11:07 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-14 11:07 . 2011-04-14 11:07 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-14 11:07 . 2011-04-14 11:07 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-14 11:07 . 2011-04-14 11:07 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-14 11:07 . 2011-04-14 11:07 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-14 11:07 . 2011-04-14 11:07 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 11:07 . 2011-04-14 11:07 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-14 11:07 . 2011-04-14 11:07 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-14 11:07 . 2011-04-14 11:07 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-14 11:07 . 2011-04-14 11:07 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-13 08:16 . 2010-10-18 03:09 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-13 08:16 . 2010-10-18 02:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-21 17:22 . 2011-03-21 17:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-03-21 17:22 . 2011-03-21 17:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-03-21 17:22 . 2009-11-12 13:24 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-03-17 03:01 . 2010-11-27 23:22 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-03-14 23:33 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-14 15:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-14 15:40 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-12 12:08 . 2011-04-27 01:32 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:23 . 2011-04-27 01:32 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:41 . 2011-04-27 01:32 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:41 . 2011-04-27 01:32 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:41 . 2011-04-27 01:32 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:41 . 2011-04-27 01:32 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:41 . 2011-04-27 01:32 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:41 . 2011-04-27 01:32 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:41 . 2011-04-27 01:32 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:34 . 2011-04-14 00:45 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-14 00:45 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:33 . 2011-04-27 01:32 2565632 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:30 . 2011-04-27 01:32 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:33 . 2011-04-14 00:45 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 00:45 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-27 01:32 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:31 . 2011-04-27 01:32 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-06_02.44.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-24 18:02 . 2011-06-06 13:20 62308 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-06 13:20 40926 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-06-06 02:34 40926 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-25 18:30 . 2011-06-06 13:20 20094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3308051315-3821115587-1048171399-1000_UserData.bin
+ 2009-07-14 05:30 . 2011-06-06 18:54 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-05-28 03:49 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-12-25 16:11 . 2011-06-06 02:14 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-25 16:11 . 2011-06-06 02:48 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 16:11 . 2011-06-06 02:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-25 16:11 . 2011-06-06 02:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-06 02:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-06 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 13:18 . 2011-06-06 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-06 02:32 . 2011-06-06 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-06 13:18 . 2011-06-06 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-06 02:32 . 2011-06-06 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-26 01:23 . 2011-06-06 18:52 274132 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-05-28 03:57 639058 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-06-06 22:07 639058 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-05-28 03:57 112030 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-06-06 22:07 112030 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-05-28 03:49 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-06-06 18:54 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-05-28 03:49 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-06-06 18:54 143360 c:\windows\system32\DriverStore\infstor.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 22:40 1362320 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CardScanAgent"="c:\program files (x86)\CardScan\CardScan\CardScanAgent.exe" [2008-08-28 152824]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-23 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lytr3frs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3308051315-3821115587-1048171399-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3923DBBA-2316-CCD2-81A0-325B700CCE1B}*]
"oamjogkojinmelhohhplbhncoipfmk"=hex:6a,61,6a,67,70,6e,67,6f,6d,6a,6d,61,6a,61,
6e,61,6f,6a,67,68,00,00
"nagkeajomfbkepbphilkndlfngio"=hex:6a,61,69,67,6a,67,6f,69,66,6b,67,6c,64,6e,
63,6f,61,6f,6d,69,00,00
"oaiioapomhldofhcipnijppjgboeih"=hex:64,61,6a,67,6c,67,6a,6e,00,fc
.
[HKEY_USERS\S-1-5-21-3308051315-3821115587-1048171399-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{911B1BB0-63BC-956A-7D18-4F0A2EA0A8A9}*]
"oahacbmgcdbhaifndhgfkpcfikdlmb"=hex:62,61,68,6b,00,20
"bbhacbmgcdphgaekgkioipklghppccolcpad"=hex:62,61,68,6b,00,00
"abhacbmgcdphgaekgkopocaoakhlgkcgeo"=hex:62,61,68,6b,00,20
"bbhacbmgcdbhdinnllhdndekbdnkjglnjbep"=hex:62,61,67,68,00,60
.
[HKEY_USERS\S-1-5-21-3308051315-3821115587-1048171399-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D07E0D1-539D-7A6F-68D0-AE28D0154D65}*]
"pahadllfpccimaoegibkbobmgfpdaiek"=hex:62,61,68,6b,00,00
"cbhadllfpccigogbliemmciojhejandbbcoagm"=hex:62,61,68,6b,00,00
"bbhadllfpccigogbliemcinmpddnfnpmkgdg"=hex:62,61,68,6b,00,00
"cbhadllfpccimadfmojdmcaeiglmlnffokhncg"=hex:62,61,67,6c,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-06 18:35:19
ComboFix-quarantined-files.txt 2011-06-06 22:35
ComboFix2.txt 2011-06-06 22:12
ComboFix3.txt 2011-06-06 02:45
.
Pre-Run: 476,343,377,920 bytes free
Post-Run: 476,285,538,304 bytes free
.
- - End Of File - - 0809BD750139F76BC2BB6C46EE37AE1D
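An added example, not part of the original post: a PowerShell audit for the hidden-files symptom described above, which lists items under a user profile that carry the Hidden attribute, optionally clears Hidden/System on them, and reads back the UAC policy values that the posted ComboFix log lists as 0 under policies\system. It assumes an elevated PowerShell session on the affected machine; $ProfilePath is a placeholder for the user's profile folder.

```powershell
# Added example (not from the original post): audit a user profile for files
# marked Hidden and report the UAC policy values shown in the ComboFix log.
# Assumption: run elevated on the affected machine; $ProfilePath is a
# placeholder for the user's profile folder (defaults to the current user).

param(
    [string]$ProfilePath = "$env:USERPROFILE",
    [switch]$Unhide   # attributes are only changed when this is passed
)

function Get-HiddenUserFiles {
    param([string]$Root)
    # -Force makes Get-ChildItem include Hidden/System items it normally skips.
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # Report only items the user would expect to see; the AppData tree
            # is legitimately hidden by Windows itself, so it is excluded.
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
            ($_.FullName -notlike "$Root\AppData\*")
        }
}

function Clear-HiddenAttribute {
    param([IO.FileSystemInfo]$Item)
    # Strip Hidden and System only; ReadOnly and other bits are left as-is.
    $mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
    $Item.Attributes = [IO.FileAttributes]([int]$Item.Attributes -band (-bnot $mask))
}

function Get-UacPolicy {
    # These are the values the ComboFix log lists under
    # HKLM\...\policies\system; EnableLUA is 1 when UAC is switched on.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [PSCustomObject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

$hidden = @(Get-HiddenUserFiles -Root $ProfilePath)
"Hidden items under ${ProfilePath}: $($hidden.Count)"
$hidden | Select-Object -First 20 | ForEach-Object { "  $($_.FullName)" }

if ($Unhide) {
    foreach ($item in $hidden) { Clear-HiddenAttribute -Item $item }
    "Cleared Hidden/System on $($hidden.Count) items."
}

"UAC policy values (EnableLUA should be 1 when UAC is on):"
Get-UacPolicy | Format-List
```

Run it once without -Unhide to review the list before changing anything; a large count of hidden documents and music files outside AppData matches the symptom in the post, while an EnableLUA of 0 means UAC should be re-enabled after cleanup.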
+ 2009-12-26 01:23 . 2011-06-06 18:52 274132 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-05-28 03:57 639058 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-06-06 22:07 639058 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-05-28 03:57 112030 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-06-06 22:07 112030 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-05-28 03:49 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-06-06 18:54 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-05-28 03:49 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-06-06 18:54 143360 c:\windows\system32\DriverStore\infstor.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 22:40 1362320 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CardScanAgent"="c:\program files (x86)\CardScan\CardScan\CardScanAgent.exe" [2008-08-28 152824]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-23 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\lytr3frs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3308051315-3821115587-1048171399-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3923DBBA-2316-CCD2-81A0-325B700CCE1B}*]
"oamjogkojinmelhohhplbhncoipfmk"=hex:6a,61,6a,67,70,6e,67,6f,6d,6a,6d,61,6a,61,
6e,61,6f,6a,67,68,00,00
"nagkeajomfbkepbphilkndlfngio"=hex:6a,61,69,67,6a,67,6f,69,66,6b,67,6c,64,6e,
63,6f,61,6f,6d,69,00,00
"oaiioapomhldofhcipnijppjgboeih"=hex:64,61,6a,67,6c,67,6a,6e,00,fc
.
[HKEY_USERS\S-1-5-21-3308051315-3821115587-1048171399-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{911B1BB0-63BC-956A-7D18-4F0A2EA0A8A9}*]
"oahacbmgcdbhaifndhgfkpcfikdlmb"=hex:62,61,68,6b,00,20
"bbhacbmgcdphgaekgkioipklghppccolcpad"=hex:62,61,68,6b,00,00
"abhacbmgcdphgaekgkopocaoakhlgkcgeo"=hex:62,61,68,6b,00,20
"bbhacbmgcdbhdinnllhdndekbdnkjglnjbep"=hex:62,61,67,68,00,60
.
[HKEY_USERS\S-1-5-21-3308051315-3821115587-1048171399-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D07E0D1-539D-7A6F-68D0-AE28D0154D65}*]
"pahadllfpccimaoegibkbobmgfpdaiek"=hex:62,61,68,6b,00,00
"cbhadllfpccigogbliemmciojhejandbbcoagm"=hex:62,61,68,6b,00,00
"bbhadllfpccigogbliemcinmpddnfnpmkgdg"=hex:62,61,68,6b,00,00
"cbhadllfpccimadfmojdmcaeiglmlnffokhncg"=hex:62,61,67,6c,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-06 18:35:19
ComboFix-quarantined-files.txt 2011-06-06 22:35
ComboFix2.txt 2011-06-06 22:12
ComboFix3.txt 2011-06-06 02:45
.
Pre-Run: 476,343,377,920 bytes free
Post-Run: 476,285,538,304 bytes free
.
- - End Of File - - 0809BD750139F76BC2BB6C46EE37AE1D
This post has been edited by hamluis: 07 June 2011 - 02:34 PM
Reason for edit: Moved from Win 7 to Malware Removal Logs.
