BleepingComputer.com: Web browser infected

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

Web browser infected unknown virus

#1 User is offline   Usko_Detra 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 23-October 11

Posted 23 October 2011 - 01:20 AM

Hi, on Friday My computer got infected with something. It's double underline hyperlinking key words on websites, and when You hover Your mouse over the hyperlink, it displays search results from an engine called AdMedia. occasionally I also get redirected to a site called Domainsa.com. The ad also appears on Youtube videos. It's only affecting Firefox, as other browsers are still ok. I've ran many virus checks with McAfee and Malwarebytes, and none of them can find anything wrong. I've cleared My cookies and caches, also. Can someone help Me out with this? EDIT: sometimes when typing in an adress, like google.ca, without the WWW before it, it will change to domainsa. After further investigation, the URL bar, when the mouse is hovered over the AdMedia icon, it's linked to Intextual.com. After googling it, I had this result: "AdMedia's intextual.com platform puts users in the driver's seat. Industry professionals call this permission based marketing" I'm thinking that their search engine package somehow installed itself onto My computer/browser, but I still can't remove it. I'll update again as I keep investigating.
EDIT 2: when I try to do a search via the address bar, I get a tab that says "Firefox can't find the file at jar:file:///C:/Program Files (x86)/Mozilla Firefox/omni.jar!/chrome/en-US/locale/browser-region/region.propertiesall+dressed."


I've uploaded some pictures, if they might help.

Posted Image Posted Image

Posted Image Posted Image

Posted Image

This post has been edited by Usko_Detra: 23 October 2011 - 09:32 PM

#2 User is offline   Orange Blossom 

  • OBleepin Investigator
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 29,827
  • Joined: 14-July 06
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 23 October 2011 - 03:47 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 User is offline   Usko_Detra 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 23-October 11

Posted 23 October 2011 - 04:23 PM

Ok, I can't run the Gmer program, but here's the DDS log:
EDIT: It's also redirecting through a website called 404bucks.com,which is another division of AdMedia, and domainsa highjacks Google's search occasionally


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Matt at 2:36:32 on 2011-10-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8184.5035 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Audio and Video programs\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Audio and Video programs\WinTV\TVServer\CaptureGenPCI.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Audio and Video programs\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\MOM.exe
C:\Audio and Video programs\WinTV\WinTV7\WinTVTray.exe
C:\Users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uStart Page = hxxp://www.runescape.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110327193126.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Steam] "C:\Games\Steam\steam.exe" -silent
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [StartCCC] "C:\Users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Audio and Video programs\iTunes\iTunesHelper.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Audio and Video programs\WinTV\Ir.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NDRIVE~1.LNK - C:\Windows\Installer\{C59A9BCE-1F58-41E7-97B1-0D4DF09E7D3C}\_A66CE0EFBDF3B63BCBF826.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINTVR~1.LNK - C:\Audio and Video programs\WinTV\WinTV7\WinTVTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 209.226.51.46 209.226.51.10
TCP: Interfaces\{39968C27-287A-45EB-9CF5-405132056AC3} : DhcpNameServer = 209.226.51.46 209.226.51.10
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110327193126.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [StartCCC] "C:\Users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Audio and Video programs\iTunes\iTunesHelper.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.startrekonline.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko6.dll
FF - plugin: C:\Audio and Video programs\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 HauppaugeTVServer;HauppaugeTVServer;C:\Audio and Video programs\WinTV\TVServer\HauppaugeTVServer.exe [2010-2-5 434176]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-3-10 192512]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-22 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-27 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-27 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-3-27 149032]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-21 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-21 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
.
=============== Created Last 30 ================
.
2011-10-23 01:57:07 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2011-10-23 01:56:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-23 01:56:38 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-23 01:56:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-23 01:19:32 -------- d-----w- C:\Users\Matt\AppData\Local\{578C534B-3BFB-4C2B-9100-32FCDF0E81A4}
2011-10-23 01:19:21 -------- d-----w- C:\Users\Matt\AppData\Local\{57C5F6BA-1F25-4A2C-9123-1A43B0552458}
2011-10-22 05:38:53 -------- d-----w- C:\Users\Matt\AppData\Local\{1C47D9D9-CA83-4097-9DB1-F3AB88E1CFD2}
2011-10-22 05:38:42 -------- d-----w- C:\Users\Matt\AppData\Local\{B9BBDFE2-F2E3-4AEA-B070-828F63329F5A}
2011-10-22 03:07:47 -------- d-----w- C:\Users\Matt\AppData\Local\Fallout3
2011-10-21 17:38:15 -------- d-----w- C:\Users\Matt\AppData\Local\{16EF0C59-5C4F-47BB-AA41-F33BA5AF63F9}
2011-10-21 17:38:04 -------- d-----w- C:\Users\Matt\AppData\Local\{B3DBAE6D-56A9-4CAB-9195-A9306A74200D}
2011-10-21 05:37:38 -------- d-----w- C:\Users\Matt\AppData\Local\{29B1695B-0133-45B4-AF14-8B58B6D518F7}
2011-10-20 17:37:13 -------- d-----w- C:\Users\Matt\AppData\Local\{E420C3B5-05FD-4928-88E5-E049C4CC3D25}
2011-10-20 17:37:01 -------- d-----w- C:\Users\Matt\AppData\Local\{AE87C397-186E-490F-9521-FF5F56FE2754}
2011-10-19 19:54:47 -------- d-----w- C:\Users\Matt\AppData\Local\{D00C1B5C-CB03-4A42-8FD3-038A3E00C08D}
2011-10-19 19:54:36 -------- d-----w- C:\Users\Matt\AppData\Local\{49954C21-F7B7-48B8-B9D1-A810A9F8EBFA}
2011-10-19 06:01:01 -------- d-----w- C:\Users\Matt\AppData\Local\{81378572-E11B-4C4A-A140-F11E283DDBC1}
2011-10-19 06:00:50 -------- d-----w- C:\Users\Matt\AppData\Local\{EB7F9244-101E-4BCD-8335-9A72A8D68A84}
2011-10-18 18:00:14 -------- d-----w- C:\Users\Matt\AppData\Local\{9C12630A-2BD3-4DBC-907A-65C010817C5F}
2011-10-18 18:00:00 -------- d-----w- C:\Users\Matt\AppData\Local\{EEC83AD5-E0E1-4318-B8C1-95FCDFE404D3}
2011-10-18 05:59:32 -------- d-----w- C:\Users\Matt\AppData\Local\{0C3301D5-523B-4297-B45B-C7235465E40F}
2011-10-18 05:59:21 -------- d-----w- C:\Users\Matt\AppData\Local\{5471246C-F497-49B9-94F9-AAAB65E7E8BD}
2011-10-17 17:58:50 -------- d-----w- C:\Users\Matt\AppData\Local\{F9303786-2A46-4AE5-A32C-4D5D589E2F52}
2011-10-17 17:58:39 -------- d-----w- C:\Users\Matt\AppData\Local\{436B1AB9-8007-44FE-A763-D2BCC79507E9}
2011-10-16 19:40:59 -------- d-----w- C:\Users\Matt\AppData\Local\{2A903310-30C4-4CDE-BF64-BAC8B2C5E26A}
2011-10-16 19:40:47 -------- d-----w- C:\Users\Matt\AppData\Local\{4096BD02-5FE3-4F11-AA88-BCFBC938B581}
2011-10-16 06:15:30 -------- d-----w- C:\Users\Matt\AppData\Roaming\.minecraft
2011-10-16 05:28:08 -------- d-----w- C:\Users\Matt\AppData\Local\{B079618C-82C3-498E-9D7A-0E9C3ECF3620}
2011-10-15 17:27:41 -------- d-----w- C:\Users\Matt\AppData\Local\{AC248DE6-A5DD-4C1D-B866-B2A864A288D5}
2011-10-15 17:27:28 -------- d-----w- C:\Users\Matt\AppData\Local\{6229058F-481B-4D14-BBCA-B3EABF2CCE09}
2011-10-15 05:19:33 -------- d-----w- C:\Users\Matt\AppData\Local\{382E6DFC-B4A1-4410-903F-EA6D87A86E8E}
2011-10-15 05:19:22 -------- d-----w- C:\Users\Matt\AppData\Local\{6E532250-A33D-4B0C-B304-C4C21E2E1951}
2011-10-14 17:18:55 -------- d-----w- C:\Users\Matt\AppData\Local\{0A9025F0-5332-4E34-8DEE-DE2992D9A94E}
2011-10-14 17:18:43 -------- d-----w- C:\Users\Matt\AppData\Local\{BE97BD9B-7FE1-44CE-AC52-54A52BD29F24}
2011-10-13 19:53:50 -------- d-----w- C:\Users\Matt\AppData\Local\{B476259B-C1D5-47CE-9D0B-7E6738C2D6B8}
2011-10-13 19:53:37 -------- d-----w- C:\Users\Matt\AppData\Local\{E7D89C8C-29AC-4027-B38B-21EECEE4E6C5}
2011-10-13 06:46:54 -------- d-----w- C:\Users\Matt\AppData\Local\{3D4E13DB-71EF-400D-98A3-3813618C23FE}
2011-10-13 06:46:44 -------- d-----w- C:\Users\Matt\AppData\Local\{009496E4-CAF8-40B0-A375-5A7C0CC59A6D}
2011-10-12 18:46:17 -------- d-----w- C:\Users\Matt\AppData\Local\{8A6EE519-D01E-4EE9-8DA3-A4B3DED03B81}
2011-10-12 18:46:04 -------- d-----w- C:\Users\Matt\AppData\Local\{B51D6007-B11B-4C51-A65C-A105EAFAB126}
2011-10-12 05:10:21 -------- d-----w- C:\Users\Matt\AppData\Local\{B105D075-0EE9-42EB-9666-20391FBDC8A0}
2011-10-12 05:10:10 -------- d-----w- C:\Users\Matt\AppData\Local\{3C30536B-303A-4033-82B1-78CAC69666A8}
2011-10-11 17:09:44 -------- d-----w- C:\Users\Matt\AppData\Local\{FFD71169-5870-41CC-8E1A-8DFBEAF90180}
2011-10-11 17:09:33 -------- d-----w- C:\Users\Matt\AppData\Local\{43F3C4E7-9EF8-4B27-8908-35BD50D8D16C}
2011-10-11 05:09:08 -------- d-----w- C:\Users\Matt\AppData\Local\{97F5E2AA-0C7E-4FB1-B45E-60957EB4C02F}
2011-10-10 17:08:44 -------- d-----w- C:\Users\Matt\AppData\Local\{6ABACDE2-46CB-40FC-BA1D-54BD2FCDD522}
2011-10-10 17:08:33 -------- d-----w- C:\Users\Matt\AppData\Local\{03AD3048-FEED-4670-9BA3-5B1D16EA80F9}
2011-10-10 04:12:12 -------- d-----w- C:\Users\Matt\AppData\Local\{C3221F5C-DF15-48E4-978B-E4374434602A}
2011-10-10 04:12:01 -------- d-----w- C:\Users\Matt\AppData\Local\{D26F753A-D965-4D87-AB12-313F49F7CB0B}
2011-10-09 16:11:34 -------- d-----w- C:\Users\Matt\AppData\Local\{8D30D00A-C959-481F-9CEC-F0DBD4AFCC79}
2011-10-09 16:11:21 -------- d-----w- C:\Users\Matt\AppData\Local\{2C558A16-656B-407C-BC1E-A7212829EBCB}
2011-10-08 19:42:24 -------- d-----w- C:\Users\Matt\AppData\Local\{635B1BCE-93E2-40DA-A0D1-4CC52AC3AD0A}
2011-10-08 19:42:10 -------- d-----w- C:\Users\Matt\AppData\Local\{F8F537EC-E0F7-43B1-B603-69A5B0ABE31F}
2011-10-07 19:40:18 -------- d-----w- C:\Users\Matt\AppData\Local\{61D88D6D-80B9-45FE-AF3B-424616565FBC}
2011-10-07 19:40:07 -------- d-----w- C:\Users\Matt\AppData\Local\{E495EE00-226D-4F12-B9B2-8C199520DBFF}
2011-10-07 01:06:41 -------- d-----w- C:\Users\Matt\AppData\Local\{0AF335A4-001E-45C9-A7C0-92F5F8250D06}
2011-10-07 01:06:30 -------- d-----w- C:\Users\Matt\AppData\Local\{897F3118-39E8-4DA8-B19C-D79901DA7082}
2011-10-05 18:46:58 -------- d-----w- C:\Users\Matt\AppData\Local\{BFEEEC05-A08F-4F6D-A7D9-F95F8F971D22}
2011-10-05 18:46:44 -------- d-----w- C:\Users\Matt\AppData\Local\{23D5BDA2-3683-4B68-A1CD-7013CEB61610}
2011-10-04 18:37:37 -------- d-----w- C:\Users\Matt\AppData\Local\{5BE688D6-E00F-495E-957D-A319EDE629A2}
2011-10-04 18:37:24 -------- d-----w- C:\Users\Matt\AppData\Local\{08A7C272-54DE-48A3-BE4A-A81A380AE295}
2011-10-03 21:44:12 -------- d-----w- C:\Users\Matt\AppData\Local\{7577A4E6-474D-4CB0-8BC3-642082079757}
2011-10-03 21:44:00 -------- d-----w- C:\Users\Matt\AppData\Local\{A0F6D1B3-523E-4BB6-B1F9-8ED3FA1C69E3}
2011-10-02 18:37:04 -------- d-----w- C:\Users\Matt\AppData\Local\{FCC69C40-4270-418F-90F6-5696095074C8}
2011-10-02 18:36:52 -------- d-----w- C:\Users\Matt\AppData\Local\{E9879DAE-EF49-4653-98E0-A7F7D184B3B2}
2011-10-01 19:32:24 -------- d-----w- C:\Users\Matt\AppData\Local\{B15AFEB3-DD85-4292-A052-EDEC2FC31F32}
2011-10-01 19:32:11 -------- d-----w- C:\Users\Matt\AppData\Local\{B97A31E6-4815-473D-B28C-9E214DFF43C0}
2011-09-30 20:27:34 -------- d-----w- C:\Users\Matt\AppData\Local\{DF2C4D68-41E3-40F8-8B41-9EDC38E0ADEE}
2011-09-30 20:27:21 -------- d-----w- C:\Users\Matt\AppData\Local\{4B74437E-F385-4A95-B874-DC7351920264}
2011-09-29 19:53:55 -------- d-----w- C:\Users\Matt\AppData\Local\{23E666E1-F5F9-43D9-BFF3-6ACECB3BAC3B}
2011-09-29 19:53:43 -------- d-----w- C:\Users\Matt\AppData\Local\{5C080C0B-63EF-41B5-9736-350312F9A7BE}
2011-09-28 20:00:44 -------- d-----w- C:\Users\Matt\AppData\Local\{DB4921D5-05A5-4D8F-8778-261E7DB17B1E}
2011-09-28 20:00:27 -------- d-----w- C:\Users\Matt\AppData\Local\{75370756-7B04-4EBD-A91E-93D239BF3E57}
2011-09-27 22:03:20 -------- d-----w- C:\Users\Matt\AppData\Local\{2C641106-4B01-4143-A710-DB7B76824B0E}
2011-09-27 22:03:08 -------- d-----w- C:\Users\Matt\AppData\Local\{1CA6C962-E188-4EEF-9D96-7FE225A97B62}
2011-09-27 07:59:32 -------- d-----w- C:\Users\Matt\AppData\Local\{10E2A2F9-5DCE-4E50-8CD6-A623F2620435}
2011-09-27 07:59:19 -------- d-----w- C:\Users\Matt\AppData\Local\{769CA600-FCF6-4752-A25E-5924AB147411}
2011-09-26 19:58:48 -------- d-----w- C:\Users\Matt\AppData\Local\{A666506D-A354-4807-864B-1B94DB10CF4A}
2011-09-26 19:58:36 -------- d-----w- C:\Users\Matt\AppData\Local\{60621594-ED3F-49DE-983B-FFBF2AD5CE3F}
2011-09-26 05:31:10 -------- d-----w- C:\Users\Matt\AppData\Local\{E2FDC39D-2101-427D-BD4E-786871B3409F}
2011-09-26 05:30:59 -------- d-----w- C:\Users\Matt\AppData\Local\{6D65D559-5A2E-41D5-9DC9-A8ACB3617C34}
2011-09-25 17:30:24 -------- d-----w- C:\Users\Matt\AppData\Local\{2AF97D3E-A30A-4A29-B3B5-72B0796C7074}
2011-09-25 17:30:09 -------- d-----w- C:\Users\Matt\AppData\Local\{474090D5-040C-4987-845D-0284EBBFB57B}
2011-09-24 19:44:56 -------- d-----w- C:\Users\Matt\AppData\Local\{90EC1142-BE8A-43E1-A51D-A406DE4B3037}
2011-09-24 19:44:42 -------- d-----w- C:\Users\Matt\AppData\Local\{A70365B6-257F-4882-8F82-14D423C69EE4}
2011-09-23 19:02:23 -------- d-----w- C:\Users\Matt\AppData\Local\{CB2F1C7E-19B2-4184-AFAE-B13D8D5CE3AA}
2011-09-23 19:02:12 -------- d-----w- C:\Users\Matt\AppData\Local\{D37B9685-6BBD-4019-B6AA-BBE3D011F9C3}
.
==================== Find3M ====================
.
2011-10-23 05:33:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 2:37:33.07 ===============

This post has been edited by Usko_Detra: 24 October 2011 - 04:06 PM

#4 User is offline   HelpBot 

  • Bleepin' Binary Bot
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Bots
  • Posts: 5,607
  • Joined: 05-October 07
  • Gender:Male

Posted 28 October 2011 - 01:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424633 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 28 October 2011 - 05:11 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


information and logs:

    In your next post I need the following

    • .logs from DDS
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#6 User is offline   Usko_Detra 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 23-October 11

Posted 28 October 2011 - 11:31 PM

Hi, here's a new DDS Log:
I also cleared all My cookies and the stash, as well as deleted temp files and all that, I've also uninstalled and reinstalled My browser, but it's still pestering Me.
I also get popups from Feed.trackinganalytics, which then redirects to an advertising page.
Do You know what's going on with My browser?


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Matt at 0:28:12 on 2011-10-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8184.5478 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Audio and Video programs\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Audio and Video programs\WinTV\TVServer\CaptureGenPCI.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\support\hpsysdrv.exe
C:\Audio and Video programs\WinTV\WinTV7\WinTVTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Audio and Video programs\iTunes\iTunesHelper.exe
C:\Users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uStart Page = hxxp://www.runescape.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110327193126.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Steam] "C:\Games\Steam\steam.exe" -silent
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [StartCCC] "C:\Users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Audio and Video programs\iTunes\iTunesHelper.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Audio and Video programs\WinTV\Ir.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NDRIVE~1.LNK - C:\Windows\Installer\{C59A9BCE-1F58-41E7-97B1-0D4DF09E7D3C}\_A66CE0EFBDF3B63BCBF826.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINTVR~1.LNK - C:\Audio and Video programs\WinTV\WinTV7\WinTVTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 209.226.51.46 209.226.51.10
TCP: Interfaces\{39968C27-287A-45EB-9CF5-405132056AC3} : DhcpNameServer = 209.226.51.46 209.226.51.10
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110327193126.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [StartCCC] "C:\Users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Audio and Video programs\iTunes\iTunesHelper.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.startrekonline.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: keyword.enabled - false
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko6.dll
FF - plugin: C:\Audio and Video programs\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 HauppaugeTVServer;HauppaugeTVServer;C:\Audio and Video programs\WinTV\TVServer\HauppaugeTVServer.exe [2010-2-5 434176]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-3-10 192512]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-22 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-27 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-27 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-3-27 149032]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-21 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-21 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-27 355440]
.
=============== Created Last 30 ================
.
2011-10-28 19:24:15 -------- d-----w- C:\Users\Matt\AppData\Local\{B37334B3-D64D-415C-B266-F78D617176E3}
2011-10-28 19:24:02 -------- d-----w- C:\Users\Matt\AppData\Local\{F0F87D74-6DC9-4980-A732-654DE5938E23}
2011-10-28 07:23:34 -------- d-----w- C:\Users\Matt\AppData\Local\{3E440285-298D-4763-A16A-B45DC01ADA89}
2011-10-27 19:23:02 -------- d-----w- C:\Users\Matt\AppData\Local\{3479FAEB-5E76-410E-B3CF-36265FDCA3EE}
2011-10-27 19:22:47 -------- d-----w- C:\Users\Matt\AppData\Local\{C717845E-FC58-47D8-A6B4-8D3D0EFB3F4C}
2011-10-26 20:11:04 -------- d-----w- C:\Users\Matt\AppData\Local\{357FAF4A-10FE-4905-91EB-3D987BF3301D}
2011-10-26 20:10:52 -------- d-----w- C:\Users\Matt\AppData\Local\{8257D57C-ABD3-4AD6-9F3E-6695F5289E57}
2011-10-26 07:28:25 -------- d-----w- C:\Users\Matt\AppData\Local\{600A37D2-08C5-4AC5-94BA-96ED02205991}
2011-10-26 07:28:14 -------- d-----w- C:\Users\Matt\AppData\Local\{78C2A276-F8AA-4FC4-8351-B2DD1D8DE383}
2011-10-26 01:48:52 -------- d-----w- C:\Users\Matt\AppData\Roaming\Disney Interactive Studios
2011-10-25 19:27:45 -------- d-----w- C:\Users\Matt\AppData\Local\{E1341920-196D-49BA-A1AF-59A3D83E6B6E}
2011-10-25 19:27:33 -------- d-----w- C:\Users\Matt\AppData\Local\{AE05FF53-6BF7-4FD9-BF50-C332F89FB252}
2011-10-25 07:24:28 -------- d-----w- C:\Users\Matt\AppData\Local\{47F60337-EBEB-4927-AE80-55FB7F20AD8D}
2011-10-24 19:24:03 -------- d-----w- C:\Users\Matt\AppData\Local\{6D6D3B18-0262-4A74-A400-1CD73C559C5E}
2011-10-24 19:23:50 -------- d-----w- C:\Users\Matt\AppData\Local\{08C0D8A3-C224-406F-A771-7A565EF7166F}
2011-10-23 20:04:45 -------- d-----w- C:\Users\Matt\AppData\Local\{B3CBF8E7-E087-4C33-B9DA-16168D2BC0CF}
2011-10-23 20:04:33 -------- d-----w- C:\Users\Matt\AppData\Local\{E004C5DB-1E21-4267-904E-69A5622A42F7}
2011-10-23 01:57:07 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2011-10-23 01:56:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-23 01:56:38 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-23 01:56:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-23 01:19:32 -------- d-----w- C:\Users\Matt\AppData\Local\{578C534B-3BFB-4C2B-9100-32FCDF0E81A4}
2011-10-23 01:19:21 -------- d-----w- C:\Users\Matt\AppData\Local\{57C5F6BA-1F25-4A2C-9123-1A43B0552458}
2011-10-22 05:38:53 -------- d-----w- C:\Users\Matt\AppData\Local\{1C47D9D9-CA83-4097-9DB1-F3AB88E1CFD2}
2011-10-22 05:38:42 -------- d-----w- C:\Users\Matt\AppData\Local\{B9BBDFE2-F2E3-4AEA-B070-828F63329F5A}
2011-10-22 03:07:47 -------- d-----w- C:\Users\Matt\AppData\Local\Fallout3
2011-10-21 17:38:15 -------- d-----w- C:\Users\Matt\AppData\Local\{16EF0C59-5C4F-47BB-AA41-F33BA5AF63F9}
2011-10-21 17:38:04 -------- d-----w- C:\Users\Matt\AppData\Local\{B3DBAE6D-56A9-4CAB-9195-A9306A74200D}
2011-10-21 05:37:38 -------- d-----w- C:\Users\Matt\AppData\Local\{29B1695B-0133-45B4-AF14-8B58B6D518F7}
2011-10-20 17:37:13 -------- d-----w- C:\Users\Matt\AppData\Local\{E420C3B5-05FD-4928-88E5-E049C4CC3D25}
2011-10-20 17:37:01 -------- d-----w- C:\Users\Matt\AppData\Local\{AE87C397-186E-490F-9521-FF5F56FE2754}
2011-10-19 19:54:47 -------- d-----w- C:\Users\Matt\AppData\Local\{D00C1B5C-CB03-4A42-8FD3-038A3E00C08D}
2011-10-19 19:54:36 -------- d-----w- C:\Users\Matt\AppData\Local\{49954C21-F7B7-48B8-B9D1-A810A9F8EBFA}
2011-10-19 06:01:01 -------- d-----w- C:\Users\Matt\AppData\Local\{81378572-E11B-4C4A-A140-F11E283DDBC1}
2011-10-19 06:00:50 -------- d-----w- C:\Users\Matt\AppData\Local\{EB7F9244-101E-4BCD-8335-9A72A8D68A84}
2011-10-18 18:00:14 -------- d-----w- C:\Users\Matt\AppData\Local\{9C12630A-2BD3-4DBC-907A-65C010817C5F}
2011-10-18 18:00:00 -------- d-----w- C:\Users\Matt\AppData\Local\{EEC83AD5-E0E1-4318-B8C1-95FCDFE404D3}
2011-10-18 05:59:32 -------- d-----w- C:\Users\Matt\AppData\Local\{0C3301D5-523B-4297-B45B-C7235465E40F}
2011-10-18 05:59:21 -------- d-----w- C:\Users\Matt\AppData\Local\{5471246C-F497-49B9-94F9-AAAB65E7E8BD}
2011-10-17 17:58:50 -------- d-----w- C:\Users\Matt\AppData\Local\{F9303786-2A46-4AE5-A32C-4D5D589E2F52}
2011-10-17 17:58:39 -------- d-----w- C:\Users\Matt\AppData\Local\{436B1AB9-8007-44FE-A763-D2BCC79507E9}
2011-10-16 19:40:59 -------- d-----w- C:\Users\Matt\AppData\Local\{2A903310-30C4-4CDE-BF64-BAC8B2C5E26A}
2011-10-16 19:40:47 -------- d-----w- C:\Users\Matt\AppData\Local\{4096BD02-5FE3-4F11-AA88-BCFBC938B581}
2011-10-16 06:15:30 -------- d-----w- C:\Users\Matt\AppData\Roaming\.minecraft
2011-10-16 05:28:08 -------- d-----w- C:\Users\Matt\AppData\Local\{B079618C-82C3-498E-9D7A-0E9C3ECF3620}
2011-10-15 17:27:41 -------- d-----w- C:\Users\Matt\AppData\Local\{AC248DE6-A5DD-4C1D-B866-B2A864A288D5}
2011-10-15 17:27:28 -------- d-----w- C:\Users\Matt\AppData\Local\{6229058F-481B-4D14-BBCA-B3EABF2CCE09}
2011-10-15 05:19:33 -------- d-----w- C:\Users\Matt\AppData\Local\{382E6DFC-B4A1-4410-903F-EA6D87A86E8E}
2011-10-15 05:19:22 -------- d-----w- C:\Users\Matt\AppData\Local\{6E532250-A33D-4B0C-B304-C4C21E2E1951}
2011-10-14 17:18:55 -------- d-----w- C:\Users\Matt\AppData\Local\{0A9025F0-5332-4E34-8DEE-DE2992D9A94E}
2011-10-14 17:18:43 -------- d-----w- C:\Users\Matt\AppData\Local\{BE97BD9B-7FE1-44CE-AC52-54A52BD29F24}
2011-10-13 19:53:50 -------- d-----w- C:\Users\Matt\AppData\Local\{B476259B-C1D5-47CE-9D0B-7E6738C2D6B8}
2011-10-13 19:53:37 -------- d-----w- C:\Users\Matt\AppData\Local\{E7D89C8C-29AC-4027-B38B-21EECEE4E6C5}
2011-10-13 06:46:54 -------- d-----w- C:\Users\Matt\AppData\Local\{3D4E13DB-71EF-400D-98A3-3813618C23FE}
2011-10-13 06:46:44 -------- d-----w- C:\Users\Matt\AppData\Local\{009496E4-CAF8-40B0-A375-5A7C0CC59A6D}
2011-10-12 18:46:17 -------- d-----w- C:\Users\Matt\AppData\Local\{8A6EE519-D01E-4EE9-8DA3-A4B3DED03B81}
2011-10-12 18:46:04 -------- d-----w- C:\Users\Matt\AppData\Local\{B51D6007-B11B-4C51-A65C-A105EAFAB126}
2011-10-12 05:10:21 -------- d-----w- C:\Users\Matt\AppData\Local\{B105D075-0EE9-42EB-9666-20391FBDC8A0}
2011-10-12 05:10:10 -------- d-----w- C:\Users\Matt\AppData\Local\{3C30536B-303A-4033-82B1-78CAC69666A8}
2011-10-11 17:09:44 -------- d-----w- C:\Users\Matt\AppData\Local\{FFD71169-5870-41CC-8E1A-8DFBEAF90180}
2011-10-11 17:09:33 -------- d-----w- C:\Users\Matt\AppData\Local\{43F3C4E7-9EF8-4B27-8908-35BD50D8D16C}
2011-10-11 05:09:08 -------- d-----w- C:\Users\Matt\AppData\Local\{97F5E2AA-0C7E-4FB1-B45E-60957EB4C02F}
2011-10-10 17:08:44 -------- d-----w- C:\Users\Matt\AppData\Local\{6ABACDE2-46CB-40FC-BA1D-54BD2FCDD522}
2011-10-10 17:08:33 -------- d-----w- C:\Users\Matt\AppData\Local\{03AD3048-FEED-4670-9BA3-5B1D16EA80F9}
2011-10-10 04:12:12 -------- d-----w- C:\Users\Matt\AppData\Local\{C3221F5C-DF15-48E4-978B-E4374434602A}
2011-10-10 04:12:01 -------- d-----w- C:\Users\Matt\AppData\Local\{D26F753A-D965-4D87-AB12-313F49F7CB0B}
2011-10-09 16:11:34 -------- d-----w- C:\Users\Matt\AppData\Local\{8D30D00A-C959-481F-9CEC-F0DBD4AFCC79}
2011-10-09 16:11:21 -------- d-----w- C:\Users\Matt\AppData\Local\{2C558A16-656B-407C-BC1E-A7212829EBCB}
2011-10-08 19:42:24 -------- d-----w- C:\Users\Matt\AppData\Local\{635B1BCE-93E2-40DA-A0D1-4CC52AC3AD0A}
2011-10-08 19:42:10 -------- d-----w- C:\Users\Matt\AppData\Local\{F8F537EC-E0F7-43B1-B603-69A5B0ABE31F}
2011-10-07 19:40:18 -------- d-----w- C:\Users\Matt\AppData\Local\{61D88D6D-80B9-45FE-AF3B-424616565FBC}
2011-10-07 19:40:07 -------- d-----w- C:\Users\Matt\AppData\Local\{E495EE00-226D-4F12-B9B2-8C199520DBFF}
2011-10-07 01:06:41 -------- d-----w- C:\Users\Matt\AppData\Local\{0AF335A4-001E-45C9-A7C0-92F5F8250D06}
2011-10-07 01:06:30 -------- d-----w- C:\Users\Matt\AppData\Local\{897F3118-39E8-4DA8-B19C-D79901DA7082}
2011-10-05 18:46:58 -------- d-----w- C:\Users\Matt\AppData\Local\{BFEEEC05-A08F-4F6D-A7D9-F95F8F971D22}
2011-10-05 18:46:44 -------- d-----w- C:\Users\Matt\AppData\Local\{23D5BDA2-3683-4B68-A1CD-7013CEB61610}
2011-10-04 18:37:37 -------- d-----w- C:\Users\Matt\AppData\Local\{5BE688D6-E00F-495E-957D-A319EDE629A2}
2011-10-04 18:37:24 -------- d-----w- C:\Users\Matt\AppData\Local\{08A7C272-54DE-48A3-BE4A-A81A380AE295}
2011-10-03 21:44:12 -------- d-----w- C:\Users\Matt\AppData\Local\{7577A4E6-474D-4CB0-8BC3-642082079757}
2011-10-03 21:44:00 -------- d-----w- C:\Users\Matt\AppData\Local\{A0F6D1B3-523E-4BB6-B1F9-8ED3FA1C69E3}
2011-10-02 18:37:04 -------- d-----w- C:\Users\Matt\AppData\Local\{FCC69C40-4270-418F-90F6-5696095074C8}
2011-10-02 18:36:52 -------- d-----w- C:\Users\Matt\AppData\Local\{E9879DAE-EF49-4653-98E0-A7F7D184B3B2}
2011-10-01 19:32:24 -------- d-----w- C:\Users\Matt\AppData\Local\{B15AFEB3-DD85-4292-A052-EDEC2FC31F32}
2011-10-01 19:32:11 -------- d-----w- C:\Users\Matt\AppData\Local\{B97A31E6-4815-473D-B28C-9E214DFF43C0}
2011-09-30 20:27:34 -------- d-----w- C:\Users\Matt\AppData\Local\{DF2C4D68-41E3-40F8-8B41-9EDC38E0ADEE}
2011-09-30 20:27:21 -------- d-----w- C:\Users\Matt\AppData\Local\{4B74437E-F385-4A95-B874-DC7351920264}
2011-09-29 19:53:55 -------- d-----w- C:\Users\Matt\AppData\Local\{23E666E1-F5F9-43D9-BFF3-6ACECB3BAC3B}
2011-09-29 19:53:43 -------- d-----w- C:\Users\Matt\AppData\Local\{5C080C0B-63EF-41B5-9736-350312F9A7BE}
.
==================== Find3M ====================
.
2011-10-23 05:33:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 0:28:56.70 ===============

This post has been edited by Usko_Detra: 29 October 2011 - 01:03 AM

#7 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 October 2011 - 06:26 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#8 User is offline   Usko_Detra 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 23-October 11

Posted 29 October 2011 - 08:15 PM

Hi,

Before I run Combofix, I just want to know what's going on with My browser.

#9 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 October 2011 - 08:27 PM

Hello


well I suspect that the routers settings have been changed but before I get you to change the router I want to make sure what has changed the settings are not still on the computer




gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#10 User is offline   Usko_Detra 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 23-October 11

Posted 29 October 2011 - 10:16 PM

Hi, here's the log from Combofix, it deleted a file, but Firefox is still doing what it did.


ComboFix 11-10-29.06 - Matt 29/10/2011 22:18:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8184.6470 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 02:33 . 2011-10-30 02:33 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-10-30 02:33 . 2011-10-30 02:33 -------- d-----w- c:\users\TEMP.Matt-PC\AppData\Local\temp
2011-10-30 02:33 . 2011-10-30 02:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 01:48 . 2011-10-26 01:48 -------- d-----w- c:\users\Matt\AppData\Roaming\Disney Interactive Studios
2011-10-23 05:33 . 2011-10-23 05:33 -------- d-----w- c:\windows\system32\Macromed
2011-10-23 01:57 . 2011-10-23 01:57 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2011-10-23 01:56 . 2011-10-23 01:56 -------- d-----w- c:\programdata\Malwarebytes
2011-10-23 01:56 . 2011-10-23 01:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-23 01:56 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 03:07 . 2011-10-22 03:07 -------- d-----w- c:\users\Matt\AppData\Local\Fallout3
2011-10-16 06:15 . 2011-10-16 06:21 -------- d-----w- c:\users\Matt\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 05:33 . 2011-08-14 20:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-06 04:20 . 2011-08-06 04:20 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-05 3077528]
"Steam"="c:\games\Steam\steam.exe" [2011-09-26 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\audio and video programs\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1484856]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\audio and video programs\WinTV\Ir.exe [2010-2-5 110647]
NDrive Update Agent.lnk - c:\windows\Installer\{C59A9BCE-1F58-41E7-97B1-0D4DF09E7D3C}\_A66CE0EFBDF3B63BCBF826.exe [2011-9-9 140206]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
WinTV Recording Status..lnk - c:\audio and video programs\WinTV\WinTV7\WinTVTray.exe [2010-2-5 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\audio and video programs\WinTV\TVServer\HauppaugeTVServer.exe [2009-06-05 434176]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - mfeavfk01
*Deregistered* - SymEFA
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 03:51]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 03:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.runescape.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.226.51.46 209.226.51.10
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.startrekonline.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: keyword.enabled - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-sp43111 - c:\hp\Softpaq\sp43111\sp43111.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3941653321-956662587-3663273246-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,66,a2,cb,3d,6f,9b,37,01,0f,60,8d,e1,13,22,8c,80,b7,4f,11,ec,d2,12,
92,e7,17,36,92,15,30,36,98,a5,bd,09,ee,c9,a3,7c,62,04,19,b8,1b,e6,5e,a5,0c,\
"??"=hex:a0,61,76,1a,b3,c8,9b,e0,05,2e,95,a9,c8,c9,59,e4
.
[HKEY_USERS\S-1-5-21-3941653321-956662587-3663273246-1000\Software\SecuROM\License information*]
"datasecu"=hex:79,ec,83,dc,d8,8e,05,71,e0,3f,18,85,f6,52,73,e8,f0,95,cf,c1,d0,
54,be,c2,4c,85,3f,87,6e,79,79,78,9b,9e,2e,64,ed,79,ad,f6,8d,6c,a1,e4,24,9b,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\audio and video programs\WinTV\TVServer\CaptureGenPCI.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2011-10-29 23:03:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 03:03
.
Pre-Run: 360,451,973,120 bytes free
Post-Run: 362,430,287,872 bytes free
.
- - End Of File - - 71B92A990412092C16589D6777977A59

#11 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 October 2011 - 10:30 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

    In your next post I need the following

    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#12 User is offline   Usko_Detra 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 23-October 11

Posted 29 October 2011 - 11:28 PM

Hi, here's the new Log, and Firefox is still doing what it did.


ComboFix 11-10-29.06 - Matt 29/10/2011 23:41:00.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8184.6427 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 03:53 . 2011-10-30 03:53 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-10-30 03:53 . 2011-10-30 03:53 -------- d-----w- c:\users\TEMP.Matt-PC\AppData\Local\temp
2011-10-30 03:53 . 2011-10-30 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 01:48 . 2011-10-26 01:48 -------- d-----w- c:\users\Matt\AppData\Roaming\Disney Interactive Studios
2011-10-23 05:33 . 2011-10-23 05:33 -------- d-----w- c:\windows\system32\Macromed
2011-10-23 01:57 . 2011-10-23 01:57 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2011-10-23 01:56 . 2011-10-23 01:56 -------- d-----w- c:\programdata\Malwarebytes
2011-10-23 01:56 . 2011-10-23 01:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-23 01:56 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 03:07 . 2011-10-22 03:07 -------- d-----w- c:\users\Matt\AppData\Local\Fallout3
2011-10-16 06:15 . 2011-10-16 06:21 -------- d-----w- c:\users\Matt\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 05:33 . 2011-08-14 20:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-06 04:20 . 2011-08-06 04:20 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_02.37.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-05 04:11 . 2011-10-30 03:57 49894 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-30 02:38 37126 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-30 03:57 37126 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-05 04:03 . 2011-10-30 03:57 23568 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3941653321-956662587-3663273246-1000_UserData.bin
+ 2010-02-05 02:04 . 2011-10-30 03:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-05 02:04 . 2011-10-30 01:37 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-05 02:04 . 2011-10-30 01:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-05 02:04 . 2011-10-30 03:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-30 03:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-30 01:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-05 04:16 . 2011-10-30 03:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-05 04:16 . 2011-10-30 02:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-05 04:16 . 2011-10-30 02:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-05 04:16 . 2011-10-30 03:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-30 01:55 . 2011-10-30 03:06 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
- 2011-10-30 01:55 . 2011-10-30 01:56 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
+ 2011-10-30 03:55 . 2011-10-30 03:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 02:35 . 2011-10-30 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 02:35 . 2011-10-30 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-30 03:55 . 2011-10-30 03:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-10-30 03:54 330324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-30 02:34 330324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-02-04 21:35 . 2011-10-30 02:34 2310848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-02-04 21:35 . 2011-10-30 03:54 2310848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-05-18 06:50 . 2011-10-30 03:54 3835653 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3941653321-956662587-3663273246-1000-8192.dat
- 2010-05-18 06:50 . 2011-10-30 02:34 3835653 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3941653321-956662587-3663273246-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-05 3077528]
"Steam"="c:\games\Steam\steam.exe" [2011-09-26 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\audio and video programs\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1484856]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\audio and video programs\WinTV\Ir.exe [2010-2-5 110647]
NDrive Update Agent.lnk - c:\windows\Installer\{C59A9BCE-1F58-41E7-97B1-0D4DF09E7D3C}\_A66CE0EFBDF3B63BCBF826.exe [2011-9-9 140206]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
WinTV Recording Status..lnk - c:\audio and video programs\WinTV\WinTV7\WinTVTray.exe [2010-2-5 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\audio and video programs\WinTV\TVServer\HauppaugeTVServer.exe [2009-06-05 434176]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - mfeavfk01
*Deregistered* - SymEFA
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 03:51]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-22 03:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.runescape.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.226.51.46 209.226.51.10
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.startrekonline.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: keyword.enabled - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3941653321-956662587-3663273246-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,66,a2,cb,3d,6f,9b,37,01,0f,60,8d,e1,13,22,8c,80,b7,4f,11,ec,d2,12,
92,e7,17,36,92,15,30,36,98,a5,bd,09,ee,c9,a3,7c,62,04,19,b8,1b,e6,5e,a5,0c,\
"??"=hex:a0,61,76,1a,b3,c8,9b,e0,05,2e,95,a9,c8,c9,59,e4
.
[HKEY_USERS\S-1-5-21-3941653321-956662587-3663273246-1000\Software\SecuROM\License information*]
"datasecu"=hex:79,ec,83,dc,d8,8e,05,71,e0,3f,18,85,f6,52,73,e8,f0,95,cf,c1,d0,
54,be,c2,4c,85,3f,87,6e,79,79,78,9b,9e,2e,64,ed,79,ad,f6,8d,6c,a1,e4,24,9b,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\rundll32.exe
c:\audio and video programs\WinTV\TVServer\CaptureGenPCI.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2011-10-30 00:21:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 04:21
.
Pre-Run: 362,491,133,952 bytes free
Post-Run: 362,535,686,144 bytes free
.
- - End Of File - - 63F59246F7B9A6C8EB00E1B9A42916D1

#13 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 30 October 2011 - 05:39 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTListIt.txt in your next reply.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#14 User is offline   Usko_Detra 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 24
  • Joined: 23-October 11

Posted 30 October 2011 - 07:24 PM

Is it possible that an add-on is causing the issue?
Edit: Is it safe to remove Combofix now?
Here's the log:



OTL logfile created on: 30/10/2011 8:53:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.99 Gb Total Physical Memory | 5.86 Gb Available Physical Memory | 73.27% Memory free
15.98 Gb Paging File | 13.33 Gb Available in Paging File | 83.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.18 Gb Total Space | 337.68 Gb Free Space | 49.28% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 1.83 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Audio and Video programs\WinTV\TVServer\CaptureGenPCI.exe (Hauppauge Computer Works)
PRC - C:\Audio and Video programs\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Audio and Video programs\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\components\RadioWMPCoreGecko7.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Audio and Video programs\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\Audio and Video programs\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (HPBtnSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\HCW85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3941653321-956662587-3663273246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
IE - HKU\S-1-5-21-3941653321-956662587-3663273246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3941653321-956662587-3663273246-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3941653321-956662587-3663273246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3941653321-956662587-3663273246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.startrekonline.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: YouTubeAutoReplay@arikv.com:2.5
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..keyword.enabled: false

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Audio and Video programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/09/27 01:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/22 21:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/26 23:32:08 | 000,000,000 | ---D | M]

[2010/02/04 22:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2011/10/30 20:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions
[2011/04/13 13:09:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/28 15:57:58 | 000,000,000 | ---D | M] (RuneScape Community Toolbar) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\2cesy0m7.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2011/10/22 21:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/05 01:17:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/29 04:02:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/29 05:20:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 00:38:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/26 01:51:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/26 21:39:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/25 17:39:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/03/30 15:08:28 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/10/29 23:56:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110327193126.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110327193126.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Users\Matt\Downloads\PowerColor HD5750\Catalyst\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3941653321-956662587-3663273246-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3941653321-956662587-3663273246-1000..\Run: [Steam] C:\Games\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3941653321-956662587-3663273246-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3941653321-956662587-3663273246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3941653321-956662587-3663273246-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.226.51.46 209.226.51.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39968C27-287A-45EB-9CF5-405132056AC3}: DhcpNameServer = 209.226.51.46 209.226.51.10
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 20:51:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2011/10/30 20:02:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{D1FC0D4F-E00E-4E0E-8EFD-14F4CAE072A7}
[2011/10/30 20:01:56 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{BCD8F9CA-525B-46B5-ABF7-8B2E6DB24ADB}
[2011/10/30 17:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/10/29 23:56:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/29 22:16:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/29 22:16:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/29 22:16:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/29 22:16:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/29 22:16:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 21:53:29 | 004,278,104 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2011/10/29 21:12:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{D38664A3-E39D-4689-8C17-9C46F5556308}
[2011/10/29 21:12:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{2AB283AC-0E5E-4DE8-BD12-14E44A0C4F34}
[2011/10/29 03:24:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{A6E06778-B3EF-4E46-A55D-8D32173CF299}
[2011/10/29 03:24:43 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{61EE83BD-DCEC-47CC-B558-C0C5537D7614}
[2011/10/28 15:24:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B37334B3-D64D-415C-B266-F78D617176E3}
[2011/10/28 15:24:02 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F0F87D74-6DC9-4980-A732-654DE5938E23}
[2011/10/28 03:23:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{3E440285-298D-4763-A16A-B45DC01ADA89}
[2011/10/27 15:23:02 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{3479FAEB-5E76-410E-B3CF-36265FDCA3EE}
[2011/10/27 15:22:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C717845E-FC58-47D8-A6B4-8D3D0EFB3F4C}
[2011/10/26 16:11:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{357FAF4A-10FE-4905-91EB-3D987BF3301D}
[2011/10/26 16:10:52 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{8257D57C-ABD3-4AD6-9F3E-6695F5289E57}
[2011/10/26 03:28:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{600A37D2-08C5-4AC5-94BA-96ED02205991}
[2011/10/26 03:28:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{78C2A276-F8AA-4FC4-8351-B2DD1D8DE383}
[2011/10/25 21:48:52 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Disney Interactive Studios
[2011/10/25 15:27:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E1341920-196D-49BA-A1AF-59A3D83E6B6E}
[2011/10/25 15:27:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{AE05FF53-6BF7-4FD9-BF50-C332F89FB252}
[2011/10/25 03:24:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{47F60337-EBEB-4927-AE80-55FB7F20AD8D}
[2011/10/24 15:24:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{6D6D3B18-0262-4A74-A400-1CD73C559C5E}
[2011/10/24 15:23:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{08C0D8A3-C224-406F-A771-7A565EF7166F}
[2011/10/23 16:04:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B3CBF8E7-E087-4C33-B9DA-16168D2BC0CF}
[2011/10/23 16:04:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E004C5DB-1E21-4267-904E-69A5622A42F7}
[2011/10/23 02:35:27 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\adware
[2011/10/23 01:33:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/22 21:57:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2011/10/22 21:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 21:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/22 21:56:38 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/22 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/22 21:19:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{578C534B-3BFB-4C2B-9100-32FCDF0E81A4}
[2011/10/22 21:19:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{57C5F6BA-1F25-4A2C-9123-1A43B0552458}
[2011/10/22 01:38:53 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{1C47D9D9-CA83-4097-9DB1-F3AB88E1CFD2}
[2011/10/22 01:38:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B9BBDFE2-F2E3-4AEA-B070-828F63329F5A}
[2011/10/21 23:07:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Fallout3
[2011/10/21 13:38:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{16EF0C59-5C4F-47BB-AA41-F33BA5AF63F9}
[2011/10/21 13:38:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B3DBAE6D-56A9-4CAB-9195-A9306A74200D}
[2011/10/21 01:37:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{29B1695B-0133-45B4-AF14-8B58B6D518F7}
[2011/10/20 13:37:13 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E420C3B5-05FD-4928-88E5-E049C4CC3D25}
[2011/10/20 13:37:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{AE87C397-186E-490F-9521-FF5F56FE2754}
[2011/10/19 15:54:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{D00C1B5C-CB03-4A42-8FD3-038A3E00C08D}
[2011/10/19 15:54:36 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{49954C21-F7B7-48B8-B9D1-A810A9F8EBFA}
[2011/10/19 02:01:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{81378572-E11B-4C4A-A140-F11E283DDBC1}
[2011/10/19 02:00:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{EB7F9244-101E-4BCD-8335-9A72A8D68A84}
[2011/10/18 14:00:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{9C12630A-2BD3-4DBC-907A-65C010817C5F}
[2011/10/18 14:00:00 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{EEC83AD5-E0E1-4318-B8C1-95FCDFE404D3}
[2011/10/18 01:59:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{0C3301D5-523B-4297-B45B-C7235465E40F}
[2011/10/18 01:59:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5471246C-F497-49B9-94F9-AAAB65E7E8BD}
[2011/10/17 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F9303786-2A46-4AE5-A32C-4D5D589E2F52}
[2011/10/17 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{436B1AB9-8007-44FE-A763-D2BCC79507E9}
[2011/10/16 15:40:59 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{2A903310-30C4-4CDE-BF64-BAC8B2C5E26A}
[2011/10/16 15:40:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{4096BD02-5FE3-4F11-AA88-BCFBC938B581}
[2011/10/16 02:15:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/16 01:28:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B079618C-82C3-498E-9D7A-0E9C3ECF3620}
[2011/10/15 13:27:41 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{AC248DE6-A5DD-4C1D-B866-B2A864A288D5}
[2011/10/15 13:27:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{6229058F-481B-4D14-BBCA-B3EABF2CCE09}
[2011/10/15 01:19:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{382E6DFC-B4A1-4410-903F-EA6D87A86E8E}
[2011/10/15 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{6E532250-A33D-4B0C-B304-C4C21E2E1951}
[2011/10/14 13:18:55 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{0A9025F0-5332-4E34-8DEE-DE2992D9A94E}
[2011/10/14 13:18:43 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{BE97BD9B-7FE1-44CE-AC52-54A52BD29F24}
[2011/10/13 15:53:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B476259B-C1D5-47CE-9D0B-7E6738C2D6B8}
[2011/10/13 15:53:37 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E7D89C8C-29AC-4027-B38B-21EECEE4E6C5}
[2011/10/13 02:46:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{3D4E13DB-71EF-400D-98A3-3813618C23FE}
[2011/10/13 02:46:44 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{009496E4-CAF8-40B0-A375-5A7C0CC59A6D}
[2011/10/12 14:46:17 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{8A6EE519-D01E-4EE9-8DA3-A4B3DED03B81}
[2011/10/12 14:46:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B51D6007-B11B-4C51-A65C-A105EAFAB126}
[2011/10/12 01:10:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B105D075-0EE9-42EB-9666-20391FBDC8A0}
[2011/10/12 01:10:10 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{3C30536B-303A-4033-82B1-78CAC69666A8}
[2011/10/11 13:09:44 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{FFD71169-5870-41CC-8E1A-8DFBEAF90180}
[2011/10/11 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{43F3C4E7-9EF8-4B27-8908-35BD50D8D16C}
[2011/10/11 01:09:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{97F5E2AA-0C7E-4FB1-B45E-60957EB4C02F}
[2011/10/11 00:25:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Anoying Orange
[2011/10/10 13:08:44 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{6ABACDE2-46CB-40FC-BA1D-54BD2FCDD522}
[2011/10/10 13:08:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{03AD3048-FEED-4670-9BA3-5B1D16EA80F9}
[2011/10/10 00:12:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{C3221F5C-DF15-48E4-978B-E4374434602A}
[2011/10/10 00:12:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{D26F753A-D965-4D87-AB12-313F49F7CB0B}
[2011/10/09 12:11:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{8D30D00A-C959-481F-9CEC-F0DBD4AFCC79}
[2011/10/09 12:11:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{2C558A16-656B-407C-BC1E-A7212829EBCB}
[2011/10/08 15:42:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{635B1BCE-93E2-40DA-A0D1-4CC52AC3AD0A}
[2011/10/08 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{F8F537EC-E0F7-43B1-B603-69A5B0ABE31F}
[2011/10/07 15:40:18 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{61D88D6D-80B9-45FE-AF3B-424616565FBC}
[2011/10/07 15:40:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E495EE00-226D-4F12-B9B2-8C199520DBFF}
[2011/10/06 21:06:41 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{0AF335A4-001E-45C9-A7C0-92F5F8250D06}
[2011/10/06 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{897F3118-39E8-4DA8-B19C-D79901DA7082}
[2011/10/05 14:46:58 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{BFEEEC05-A08F-4F6D-A7D9-F95F8F971D22}
[2011/10/05 14:46:44 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{23D5BDA2-3683-4B68-A1CD-7013CEB61610}
[2011/10/04 14:37:37 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5BE688D6-E00F-495E-957D-A319EDE629A2}
[2011/10/04 14:37:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{08A7C272-54DE-48A3-BE4A-A81A380AE295}
[2011/10/03 17:44:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{7577A4E6-474D-4CB0-8BC3-642082079757}
[2011/10/03 17:44:00 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{A0F6D1B3-523E-4BB6-B1F9-8ED3FA1C69E3}
[2011/10/02 14:37:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{FCC69C40-4270-418F-90F6-5696095074C8}
[2011/10/02 14:36:52 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{E9879DAE-EF49-4653-98E0-A7F7D184B3B2}
[2011/10/01 15:32:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B15AFEB3-DD85-4292-A052-EDEC2FC31F32}
[2011/10/01 15:32:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B97A31E6-4815-473D-B28C-9E214DFF43C0}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Matt\AppData\Local\*.tmp files -> C:\Users\Matt\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 20:51:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2011/10/30 20:26:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/30 19:58:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/30 17:57:18 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 17:57:18 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 17:51:59 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/10/30 17:49:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/30 17:49:17 | 2141,253,631 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/30 02:59:33 | 000,000,032 | ---- | M] () -- C:\Users\Matt\jagex_cl_runescape_LIVE.dat
[2011/10/30 00:55:16 | 000,001,169 | ---- | M] () -- C:\Users\Matt\Desktop\FUEL - Shortcut.lnk
[2011/10/29 23:56:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/29 21:53:36 | 004,278,104 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2011/10/29 21:51:54 | 000,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/29 21:51:54 | 000,627,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/29 21:51:54 | 000,111,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/27 01:09:05 | 000,000,230 | ---- | M] () -- C:\Users\Matt\Desktop\SPORE™ Galactic Adventures.lnk
[2011/10/27 01:05:27 | 000,000,137 | ---- | M] () -- C:\Windows\disney.ini
[2011/10/25 21:08:18 | 000,001,345 | ---- | M] () -- C:\Users\Matt\Desktop\Fallout3 - Shortcut.lnk
[2011/10/25 15:39:28 | 000,000,129 | ---- | M] () -- C:\Users\Matt\jagex_runescape_preferences2.dat
[2011/10/25 15:39:02 | 000,000,046 | ---- | M] () -- C:\Users\Matt\jagex_runescape_preferences.dat
[2011/10/23 01:33:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/22 21:56:42 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 21:48:11 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/22 21:46:07 | 000,235,433 | ---- | M] () -- C:\Users\Matt\Desktop\bookmarks-2011-10-22.json
[2011/10/22 00:51:31 | 000,007,597 | ---- | M] () -- C:\Users\Matt\AppData\Local\resmon.resmoncfg
[2011/10/16 21:20:00 | 000,000,207 | ---- | M] () -- C:\Users\Matt\Desktop\Mount & Blade Warband.url
[2011/10/15 14:33:48 | 005,292,054 | ---- | M] () -- C:\Users\Matt\Desktop\Taja.bmp
[2011/10/13 17:30:17 | 000,001,524 | ---- | M] () -- C:\Users\Matt\.recently-used.xbel
[2011/10/13 16:57:02 | 010,269,781 | ---- | M] () -- C:\Users\Matt\Desktop\The Doctor Forever.mp4
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Matt\AppData\Local\*.tmp files -> C:\Users\Matt\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/30 00:55:16 | 000,001,169 | ---- | C] () -- C:\Users\Matt\Desktop\FUEL - Shortcut.lnk
[2011/10/29 22:16:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/29 22:16:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/29 22:16:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/29 22:16:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/29 22:16:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/27 01:09:05 | 000,000,230 | ---- | C] () -- C:\Users\Matt\Desktop\SPORE™ Galactic Adventures.lnk
[2011/10/25 21:37:09 | 000,000,137 | ---- | C] () -- C:\Windows\disney.ini
[2011/10/25 15:39:00 | 000,000,032 | ---- | C] () -- C:\Users\Matt\jagex_cl_runescape_LIVE.dat
[2011/10/22 21:56:42 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/22 21:48:11 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/22 21:48:11 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/22 21:46:05 | 000,235,433 | ---- | C] () -- C:\Users\Matt\Desktop\bookmarks-2011-10-22.json
[2011/10/21 23:54:36 | 000,001,345 | ---- | C] () -- C:\Users\Matt\Desktop\Fallout3 - Shortcut.lnk
[2011/10/16 21:20:00 | 000,000,207 | ---- | C] () -- C:\Users\Matt\Desktop\Mount & Blade Warband.url
[2011/10/13 17:30:17 | 000,001,524 | ---- | C] () -- C:\Users\Matt\.recently-used.xbel
[2011/10/13 16:56:04 | 010,269,781 | ---- | C] () -- C:\Users\Matt\Desktop\The Doctor Forever.mp4
[2011/09/17 15:14:35 | 000,004,096 | ---- | C] () -- C:\Windows\ndridev.dll
[2011/07/31 16:19:57 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\{70F8A395-B2B1-4D0C-B2F2-1227468FBEC6}
[2011/07/31 16:19:34 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\{D782D29B-9322-4513-B93F-E24EA554DD4A}
[2011/06/12 21:54:44 | 000,734,870 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/23 21:00:21 | 000,679,770 | ---- | C] () -- C:\Windows\unins000.exe
[2011/04/23 21:00:21 | 000,044,141 | ---- | C] () -- C:\Windows\unins000.dat
[2011/04/12 00:44:11 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/04/12 00:44:11 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/04/12 00:44:11 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/05 01:22:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/20 01:12:05 | 000,003,584 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/31 01:15:06 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/02/26 19:47:18 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2010/02/14 03:36:25 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat
[2010/02/12 03:39:20 | 000,121,460 | ---- | C] () -- C:\Users\Matt\AppData\Local\tmpTHUNDER HORSE AND SANHICAN-A 8.JPG
[2010/02/12 03:39:20 | 000,121,460 | ---- | C] () -- C:\Users\Matt\AppData\Local\tmpTHUNDER HORSE AND SANHICAN-A 8.4
[2010/02/12 03:38:55 | 000,122,164 | ---- | C] () -- C:\Users\Matt\AppData\Local\tmpTHUNDER HORSE AND SANHICAN-A 8.3
[2010/02/12 03:38:54 | 000,120,176 | ---- | C] () -- C:\Users\Matt\AppData\Local\tmpTHUNDER HORSE AND SANHICAN-A 8.2
[2010/02/12 03:38:52 | 000,120,976 | ---- | C] () -- C:\Users\Matt\AppData\Local\tmpTHUNDER HORSE AND SANHICAN-A 8.1
[2010/02/12 03:38:50 | 000,118,106 | ---- | C] () -- C:\Users\Matt\AppData\Local\tmpTHUNDER HORSE AND SANHICAN-A 8.0
[2010/02/06 22:47:11 | 000,007,597 | ---- | C] () -- C:\Users\Matt\AppData\Local\resmon.resmoncfg
[2010/02/04 22:56:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/04 18:18:14 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/01/29 21:14:50 | 000,000,248 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2010/01/27 18:59:47 | 000,033,169 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/01/27 18:59:21 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/01/27 18:59:21 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/27 18:58:58 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2010/01/27 18:55:11 | 000,003,936 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/01/24 16:21:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/16 01:47:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/03/16 01:47:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2009/03/10 12:08:29 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/03/10 12:08:29 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2009/03/05 20:00:36 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2001/10/12 10:58:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\mr310exd.dll
[2001/10/12 10:57:18 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\mr310exv.dll
[2000/12/07 10:13:58 | 000,015,164 | ---- | C] () -- C:\Windows\Mr310twv.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:8CE646EE

< End of report >

This post has been edited by Usko_Detra: 30 October 2011 - 08:45 PM

#15 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 01 November 2011 - 12:42 PM

Hello

I want you to run this custem OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:8CE646EE 
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]

  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users