Redirecting to AOL Search

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
1
2
3
→

You cannot start a new topic
This topic is locked

Redirecting to AOL Search Can't remove the redirect

#1 Maverick753

Member

Group: Members
Posts: 52
Joined: 08-August 11

Posted 26 November 2011 - 01:10 PM

Hi -- I am experiencing the following problem in my Firefox browser. Often (though not every single time), when I do a google search, I am ending up on a search results page powered by AOL search. Can someone please advise on how to trouble shoot this problem?

I am pasting in below the GMER and DDS logs, and attached is the DDS Attach file.

This looks like it's part of the problem:

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20111013150046212&tb_oid=13-10-2011&tb_mrud=13-10-2011&query=

Thank you!
_____________

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by AMDG2 at 11:21:55 on 2011-11-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4070 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\AMDG2\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Users\AMDG2\AppData\Local\Akamai\netsession_win.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\splwow64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [Akamai NetSession Interface] C:\Users\AMDG2\AppData\Local\Akamai\netsession_win.exe
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FA2B22A-D20F-459F-AA82-8CF996D66E1D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FA2B22A-D20F-459F-AA82-8CF996D66E1D}\1446D6962716C637F534C65726 : DhcpNameServer = 192.168.10.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{0FA2B22A-D20F-459F-AA82-8CF996D66E1D}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 68.87.71.230 68.87.73.246
TCP: Interfaces\{0FA2B22A-D20F-459F-AA82-8CF996D66E1D}\34163716D416C6962657130353 : DhcpNameServer = 192.168.0.254 68.238.128.12
TCP: Interfaces\{0FA2B22A-D20F-459F-AA82-8CF996D66E1D}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
TCP: Interfaces\{0FA2B22A-D20F-459F-AA82-8CF996D66E1D}\E49636F6C6C65647029437C616E6460294E6E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8F8F5B4E-81C4-4E41-9557-F892F6C3BD78} : DhcpNameServer = 129.81.194.225 129.81.193.157 129.81.16.21 129.81.224.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - C:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
SEH-X64: Eudora's Shell Extension: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\AMDG2\AppData\Roaming\Mozilla\Firefox\Profiles\2hoc2p9h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20111013150046212&tb_oid=13-10-2011&tb_mrud=13-10-2011&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20111013150046212&tb_oid=13-10-2011&tb_mrud=13-10-2011&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\AMDG2\AppData\Roaming\Mozilla\Firefox\Profiles\2hoc2p9h.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2011-5-12 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-8-30 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-8-30 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-30 2656280]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-4-5 828336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-30 136176]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\system32\DRIVERS\motfilt.sys --> C:\windows\system32\DRIVERS\motfilt.sys [?]
S3 CH341ENUM_A64;CH341ENUM_A64;C:\Windows\System32\drivers\CH34EA64.sys [2011-10-17 30208]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-10-17 58368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-30 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 motandroidusb;Mot ADB Interface Driver;C:\windows\system32\Drivers\motoandroid.sys --> C:\windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys --> C:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys --> C:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\system32\DRIVERS\Motousbnet.sys --> C:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-8-30 54136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-26 17:04:51 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82E43B01-9E23-42B8-9FFE-68E32A7EE1CE}\offreg.dll
2011-11-26 04:44:25 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82E43B01-9E23-42B8-9FFE-68E32A7EE1CE}\mpengine.dll
2011-11-25 04:03:51 -------- d-----w- C:\Program Files\Motorola Inc
2011-11-25 04:03:51 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2011-11-24 22:13:19 -------- d-----w- C:\Program Files (x86)\Amazon
2011-11-19 18:52:53 -------- d-----w- C:\Program Files\Carbonite
2011-11-19 18:52:40 -------- d-----w- C:\ProgramData\Carbonite
2011-11-19 18:52:40 -------- d-----w- C:\Program Files (x86)\Carbonite
2011-11-09 19:41:14 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 19:41:14 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 19:41:14 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-11-09 19:41:13 3144704 ----a-w- C:\windows\System32\win32k.sys
2011-11-07 15:05:05 -------- d-----w- C:\Users\AMDG2\AppData\Local\Tific
2011-11-03 03:09:48 -------- d-----w- C:\Users\AMDG2\AppData\Local\Akamai
.
==================== Find3M ====================
.
2011-11-17 15:22:39 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-13 07:33:52 1145448 ----a-w- C:\windows\System32\drivers\rtl8192ce.sys
2011-10-06 18:56:32 87456 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2011-10-06 18:56:32 34688 ----a-w- C:\windows\System32\LMIport.dll
2011-10-06 18:56:31 80768 ----a-w- C:\windows\System32\LMIinit.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00:50 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-08-30 10:05:14 20592 ----a-w- C:\windows\System32\drivers\CeKbFilter.sys
.
============= FINISH: 11:22:59.22 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-26 12:05:08
Windows 6.1.7601 Service Pack 1
Running: gmer.exe

---- Files - GMER 1.0.15 ----

File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\F8\C2EA5d01 4152 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\A5\0435Ed01 7317 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\1E\000AEd01 2227 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\1E\000AEm01 417 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\20\A063Cm01 2874 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\25\97DFBd01 756 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\25\97DFBm01 1408 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\29\36C36d01 1195 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\29\36C36m01 1260 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\2C\2F3A4d01 2438 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\9\2C\2F3A4m01 1046 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\06\65808d01 12282 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\06\65808m01 400 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\16\828BAd01 10040 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\16\828BAm01 491 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\96\CAD72d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\96\CAD72m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\9B\0AB23d01 11191 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\9B\0AB23m01 411 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\50\140B9d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\CF\FA1A8d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\CF\FA1A8m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\D9\2B8A5d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\D9\2B8A5m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\6E\4C5A6d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\6E\4C5A6m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\76\F459Bd01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\A\76\F459Bm01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\B\08\EB6DEd01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\B\08\EB6DEm01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\36\FEC70d01 133 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\36\FEC70m01 433 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\37\10AF0d01 4014 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\37\10AF0m01 204 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\5D\AAFC9d01 475 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\5D\AAFC9m01 438 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\64\C3E4Em01 622 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\69\006AFd01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\69\006AFm01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\EA\73F5Bd01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\EA\73F5Bm01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\EC\046D9m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\ED\10EC9d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\ED\10EC9m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\F0\55358d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\F0\55358m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\FA\03143d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\FA\03143m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\B4\718C4d01 43 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\B4\718C4m01 342 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\B6\F51A6d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\B6\F51A6m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\B7\E109Bd01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\B7\E109Bm01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\BC\E0591d01 706 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\BC\E0591m01 204 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\BD\A9499d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\BD\A9499m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\C3\83943d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\C3\83943m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\C5\8166Cd01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\E\C5\8166Cm01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\02\8C6B2d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\02\8C6B2m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\05\D1C55m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\07\BAB15d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\07\BAB15m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\09\A8B35d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\09\A8B35m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\0D\E42C8d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\0D\E42C8m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\0F\A748Dd01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\0F\A748Dm01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\0F\D0B82d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\0F\D0B82m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\10\D3AAFd01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\10\D3AAFm01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\78\02254d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\78\02254m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\7A\15AB4d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\7A\15AB4m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\80\34A33d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\80\34A33m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\8D\1CAE9m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\97\13C25d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\97\13C25m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\99\9183Em01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\38\9393Ed01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\38\9393Em01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\39\10F29d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\39\10F29m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\3B\A14E4d01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\3B\A14E4m01 0 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\F1\20154d01 152 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\F1\20154m01 350 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\74\C7183d01 35 bytes
File C:\Users\AMDG2\AppData\Local\Mozilla\Firefox\Profiles\2hoc2p9h.default\Cache\F\74\C7183m01 917 bytes
File C:\Users\AMDG2\AppData\Local\Temp\flaE04C.tmp 4179865 bytes

---- EOF - GMER 1.0.15 ----

Attached File(s)

DDS-Attach_11-26-11.txt (12.98K)
Number of downloads: 2

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 27 November 2011 - 11:39 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 Maverick753

Member

Group: Members
Posts: 52
Joined: 08-August 11

Posted 28 November 2011 - 11:59 PM

Thank you for this advice. I will implement tomorrow and report back.

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 29 November 2011 - 09:19 AM

<-- Don't worry every little bit helps.

#5 Maverick753

Member

Group: Members
Posts: 52
Joined: 08-August 11

Posted 01 December 2011 - 02:00 AM

Here is the combofix log. It appears that the problem is gone.

ComboFix 11-11-30.03 - AMDG2 12/01/2011 0:43.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4071 [GMT -6:00]
Running from: c:\users\AMDG2\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 06:47 . 2011-12-01 06:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-01 06:47 . 2011-12-01 06:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-01 06:40 . 2011-12-01 06:40 -------- d-----w- c:\program files (x86)\Safari
2011-12-01 06:39 . 2011-12-01 06:39 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-30 14:54 . 2011-12-01 06:49 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AE7DBC1-EBF7-40DC-B59E-767412597DB7}\offreg.dll
2011-11-29 23:16 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AE7DBC1-EBF7-40DC-B59E-767412597DB7}\mpengine.dll
2011-11-25 04:03 . 2011-11-25 04:03 -------- d-----w- c:\program files\Motorola Inc
2011-11-25 04:03 . 2011-11-25 04:03 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-11-24 22:14 . 2011-11-24 22:14 -------- d-----w- c:\users\AMDG2\AppData\Roaming\Amazon
2011-11-24 22:13 . 2011-11-24 22:13 -------- d-----w- c:\program files (x86)\Amazon
2011-11-19 18:52 . 2011-11-19 18:52 -------- d-----w- c:\program files\Carbonite
2011-11-19 18:52 . 2011-11-19 18:52 -------- d-----w- c:\programdata\Carbonite
2011-11-19 18:52 . 2011-11-19 18:52 -------- d-----w- c:\program files (x86)\Carbonite
2011-11-17 15:22 . 2011-11-17 15:22 -------- d-----w- c:\windows\system32\Macromed
2011-11-09 19:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 19:41 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 19:41 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 19:41 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 15:05 . 2011-11-07 15:05 -------- d-----w- c:\users\AMDG2\AppData\Local\Tific
2011-11-03 03:09 . 2011-11-20 21:57 -------- d-----w- c:\users\AMDG2\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 15:22 . 2011-09-21 14:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-13 07:33 . 2011-08-30 10:11 1145448 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2011-10-11 15:05 . 2011-10-11 15:05 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D734B4CB-3348-4CF6-A18A-B9D9AD009017}\gapaengine.dll
2011-10-07 04:16 . 2011-09-08 08:40 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-06 18:56 . 2011-09-06 21:49 34688 ----a-w- c:\windows\system32\LMIport.dll
2011-10-06 18:56 . 2011-09-06 21:49 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-06 18:56 . 2011-09-06 21:49 80768 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-05 06:22 . 2011-10-05 06:22 388096 ----a-r- c:\users\AMDG2\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-01 03:25 . 2011-10-12 07:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 07:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 20:54 . 2011-09-08 08:40 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-06 18:57 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-10-30 00:04 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-10-30 00:04 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-10-30 00:04 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-30 39408]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
"Akamai NetSession Interface"="c:\users\AMDG2\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-10-30 1063056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files (x86)\Qualcomm\Eudora\EuShlExt.dll" [2005-06-08 86016]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 136176]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 CH341ENUM_A64;CH341ENUM_A64;c:\windows\system32\DRIVERS\CH34EA64.sys [2010-12-22 30208]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS [2010-12-22 58368]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2011-03-01 27648]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-10-06 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-12 15928]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-11-07 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 10:23]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 10:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-10-29 23:57 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-10-29 23:57 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-10-29 23:57 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-05 11780712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-12 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
FF - ProfilePath - c:\users\AMDG2\AppData\Roaming\Mozilla\Firefox\Profiles\2hoc2p9h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20111013150046212&tb_oid=13-10-2011&tb_mrud=13-10-2011&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20111013150046212&tb_oid=13-10-2011&tb_mrud=13-10-2011&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-12-01 00:57:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 06:57
.
Pre-Run: 492,302,446,592 bytes free
Post-Run: 493,803,720,704 bytes free
.
- - End Of File - - 0AB5A01A3CDFD4468EA989C6C2E006C3

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 01 December 2011 - 02:04 AM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

<-- Don't worry every little bit helps.

#7 Maverick753

Member

Group: Members
Posts: 52
Joined: 08-August 11

Posted 04 December 2011 - 12:59 AM

Hi - I ran that CFScript, but I am still getting (in firefox) redirects to this site:

http://search.aol.com/aol/search?q

Below is the combofix log script. One error message I got was related to TPCHWMsg.exe. It said "Illegal operation ... registry key that has been marked for deletion."

Please advise on next steps. Thank you!
________

ComboFix 11-11-30.03 - AMDG2 12/03/2011 23:35:01.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4482 [GMT -6:00]
Running from: c:\users\AMDG2\Desktop\ComboFix.exe
Command switches used :: c:\users\AMDG2\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 05:40 . 2011-12-04 05:40 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74AA2E23-3A7D-497B-8E80-A0FB13EC6959}\offreg.dll
2011-12-04 05:39 . 2011-12-04 05:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-04 05:39 . 2011-12-04 05:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-03 23:35 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74AA2E23-3A7D-497B-8E80-A0FB13EC6959}\mpengine.dll
2011-12-03 23:04 . 2011-12-03 23:04 -------- d-----we c:\windows\system64
2011-11-25 04:03 . 2011-11-25 04:03 -------- d-----w- c:\program files\Motorola Inc
2011-11-25 04:03 . 2011-11-25 04:03 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-11-24 22:14 . 2011-11-24 22:14 -------- d-----w- c:\users\AMDG2\AppData\Roaming\Amazon
2011-11-24 22:13 . 2011-11-24 22:13 -------- d-----w- c:\program files (x86)\Amazon
2011-11-19 18:52 . 2011-11-19 18:52 -------- d-----w- c:\program files\Carbonite
2011-11-19 18:52 . 2011-11-19 18:52 -------- d-----w- c:\programdata\Carbonite
2011-11-19 18:52 . 2011-11-19 18:52 -------- d-----w- c:\program files (x86)\Carbonite
2011-11-17 15:22 . 2011-11-17 15:22 -------- d-----w- c:\windows\system32\Macromed
2011-11-09 19:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 19:41 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 19:41 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 19:41 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 15:05 . 2011-11-07 15:05 -------- d-----w- c:\users\AMDG2\AppData\Local\Tific
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 15:22 . 2011-09-21 14:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-13 07:33 . 2011-08-30 10:11 1145448 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2011-10-11 15:05 . 2011-10-11 15:05 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D734B4CB-3348-4CF6-A18A-B9D9AD009017}\gapaengine.dll
2011-10-07 04:16 . 2011-09-08 08:40 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-06 18:56 . 2011-09-06 21:49 34688 ----a-w- c:\windows\system32\LMIport.dll
2011-10-06 18:56 . 2011-09-06 21:49 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-06 18:56 . 2011-09-06 21:49 80768 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-05 06:22 . 2011-10-05 06:22 388096 ----a-r- c:\users\AMDG2\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-01 03:25 . 2011-10-12 07:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 07:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 20:54 . 2011-09-08 08:40 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-06 18:57 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-01_06.50.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-12-02 15:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-12 15:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-12 15:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-02 15:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-12 15:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-02 15:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-16 14:52 . 2007-12-10 00:00 49664 c:\windows\system64\ZTAG.DLL
+ 2011-09-16 14:52 . 2007-12-10 00:00 61952 c:\windows\system64\ZIMF.DLL
+ 2009-07-14 00:06 . 2009-07-14 01:39 42496 c:\windows\system64\xwizard.exe
+ 2009-07-13 23:59 . 2009-07-14 01:41 59392 c:\windows\system64\xolehlp.dll
+ 2009-07-14 00:08 . 2009-07-14 01:41 22016 c:\windows\system64\xmlprovi.dll
+ 2009-07-14 00:29 . 2009-07-14 01:41 67072 c:\windows\system64\xmlfilter.dll
+ 2009-07-14 00:20 . 2009-07-14 01:41 30720 c:\windows\system64\XInput9_1_0.dll
+ 2011-08-30 11:02 . 2006-07-28 16:31 83736 c:\windows\system64\xinput1_2.dll
+ 2011-08-30 11:02 . 2006-03-31 19:39 83664 c:\windows\system64\xinput1_1.dll
+ 2009-07-13 23:25 . 2009-07-14 01:39 43008 c:\windows\system64\xcopy.exe
+ 2011-08-30 11:02 . 2007-10-22 10:37 21000 c:\windows\system64\X3DAudio1_2.dll
+ 2011-08-30 11:02 . 2007-03-05 19:42 17688 c:\windows\system64\x3daudio1_1.dll
+ 2011-08-30 11:02 . 2006-02-03 15:41 16592 c:\windows\system64\x3daudio1_0.dll
+ 2009-07-14 00:12 . 2009-07-14 01:41 36352 c:\windows\system64\wwapi.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 48640 c:\windows\system64\wwanprotdim.dll
+ 2009-07-14 00:12 . 2009-07-14 01:41 46592 c:\windows\system64\Wwanpref.dll
+ 2009-07-14 00:12 . 2009-07-14 01:41 15872 c:\windows\system64\wwaninst.dll
+ 2009-07-14 00:12 . 2009-07-14 01:41 73728 c:\windows\system64\WWanHC.dll
+ 2009-07-14 00:12 . 2009-07-14 01:41 49664 c:\windows\system64\wwancfg.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 37376 c:\windows\system64\wups2.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 33280 c:\windows\system64\wups.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 98304 c:\windows\system64\wudriver.dll
+ 2010-11-21 03:23 . 2010-11-21 03:23 78848 c:\windows\system64\WUDFSvc.dll
+ 2010-11-21 03:23 . 2010-11-21 03:23 44544 c:\windows\system64\WUDFCoinstaller.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 51200 c:\windows\system64\wuauclt.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24 36864 c:\windows\system64\wuapp.exe
+ 2009-07-14 00:17 . 2009-07-14 01:41 54272 c:\windows\system64\wtsapi32.dll
+ 2009-07-14 00:10 . 2009-07-14 01:41 18432 c:\windows\system64\wsock32.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 67072 c:\windows\system64\wsnmp32.dll
+ 2009-07-13 23:47 . 2009-07-14 01:34 54272 c:\windows\system64\WsmRes.dll
+ 2009-07-13 23:47 . 2009-07-14 01:39 13824 c:\windows\system64\wsmprovhost.exe
+ 2009-07-13 23:47 . 2009-07-14 01:41 13312 c:\windows\system64\wsmplpxy.dll
+ 2009-07-13 23:21 . 2009-07-14 01:41 13312 c:\windows\system64\WSHTCPIP.DLL
+ 2009-07-14 00:09 . 2009-07-14 01:41 17408 c:\windows\system64\wshrm.dll
+ 2009-07-14 00:09 . 2009-07-14 01:41 16896 c:\windows\system64\wshqos.dll
+ 2009-07-14 00:09 . 2009-07-14 01:41 13312 c:\windows\system64\wshnetbs.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 13824 c:\windows\system64\wshirda.dll
+ 2009-07-13 23:21 . 2009-07-14 01:41 13824 c:\windows\system64\wship6.dll
+ 2009-07-14 00:10 . 2009-07-14 01:41 19968 c:\windows\system64\wshelper.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 28160 c:\windows\system64\wshcon.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 47104 c:\windows\system64\wshbth.dll
+ 2009-07-14 00:29 . 2009-07-14 01:41 23040 c:\windows\system64\wsepno.dll
+ 2009-07-14 00:35 . 2009-07-14 01:41 67072 c:\windows\system64\WSDScanProxy.dll
+ 2009-07-14 00:39 . 2009-07-14 01:41 69632 c:\windows\system64\WSDPrintProxy.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:24 26112 c:\windows\system64\wsdchngr.dll
+ 2009-07-13 23:48 . 2009-07-14 01:41 97280 c:\windows\system64\wscsvc.dll
+ 2009-07-13 23:48 . 2009-07-14 01:41 13824 c:\windows\system64\wscproxystub.dll
+ 2009-07-14 00:10 . 2009-07-14 01:41 68608 c:\windows\system64\wscmisetup.dll
+ 2009-07-13 23:48 . 2009-07-14 01:41 22528 c:\windows\system64\wscisvif.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 63488 c:\windows\system64\wscapi.dll
+ 2009-07-13 23:56 . 2009-07-14 01:39 10240 c:\windows\system64\write.exe
+ 2009-07-14 00:40 . 2009-07-14 01:39 48640 c:\windows\system64\wpnpinst.exe
+ 2009-07-14 00:22 . 2009-07-14 01:39 34816 c:\windows\system64\WPDShextAutoplay.exe
+ 2009-07-14 00:21 . 2009-07-14 01:41 88064 c:\windows\system64\WpdMtpUS.dll
+ 2009-07-13 23:55 . 2009-07-14 01:41 12288 c:\windows\system64\wpcsvc.dll
+ 2009-07-13 23:55 . 2009-07-14 01:41 17408 c:\windows\system64\wpcmig.dll
+ 2009-07-13 23:26 . 2009-07-14 01:39 16384 c:\windows\system64\wowreg32.exe
+ 2011-09-07 08:03 . 2011-07-16 05:41 13312 c:\windows\system64\wow64cpu.dll
+ 2009-07-13 23:52 . 2009-07-14 01:41 14848 c:\windows\system64\wmsgapi.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 28672 c:\windows\system64\wmpcm.dll
+ 2009-07-13 23:22 . 2009-07-14 01:41 27648 c:\windows\system64\wmiprop.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 37888 c:\windows\system64\wmdmlog.dll
+ 2009-07-14 00:22 . 2009-07-14 01:41 44032 c:\windows\system64\wmcodecdspps.dll
+ 2009-07-13 23:52 . 2009-07-14 01:41 10752 c:\windows\system64\WlS0WndH.dll
+ 2009-07-13 23:52 . 2009-07-14 01:39 44544 c:\windows\system64\wlrmdr.exe
+ 2009-07-14 00:07 . 2009-07-14 01:41 10752 c:\windows\system64\wlanutil.dll
+ 2009-07-14 00:07 . 2009-07-14 01:41 19968 c:\windows\system64\wlaninst.dll
+ 2009-07-14 00:07 . 2009-07-14 01:39 99328 c:\windows\system64\wlanext.exe
+ 2009-07-14 00:16 . 2009-07-14 01:41 12800 c:\windows\system64\wksprtPS.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 71680 c:\windows\system64\wkscli.dll
+ 2009-07-13 23:57 . 2009-07-14 01:39 80384 c:\windows\system64\winver.exe
+ 2009-07-14 00:06 . 2009-07-14 01:41 20480 c:\windows\system64\winusb.dll
+ 2009-07-14 00:10 . 2009-07-14 01:41 24064 c:\windows\system64\WINSRPC.DLL
+ 2009-07-14 00:10 . 2009-07-14 01:41 88576 c:\windows\system64\winsockhc.dll
+ 2009-07-13 23:53 . 2009-07-14 01:40 13312 c:\windows\system64\winshfhc.dll
+ 2009-07-13 23:47 . 2009-07-14 01:41 13312 c:\windows\system64\winrssrv.dll
+ 2009-07-13 23:47 . 2009-07-14 01:39 24064 c:\windows\system64\winrshost.exe
+ 2009-07-13 23:47 . 2009-07-14 01:39 51200 c:\windows\system64\winrs.exe
+ 2009-07-13 23:53 . 2009-07-14 01:41 28672 c:\windows\system64\winrnr.dll
+ 2009-07-13 23:21 . 2009-07-14 01:41 26112 c:\windows\system64\winnsi.dll
+ 2009-07-14 00:35 . 2009-07-14 01:41 29184 c:\windows\system64\WinFax.dll
+ 2009-07-14 00:08 . 2009-07-14 01:41 99328 c:\windows\system64\winethc.dll
+ 2009-07-13 23:49 . 2009-07-14 01:41 28672 c:\windows\system64\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2009-07-13 23:49 . 2009-07-14 01:29 20480 c:\windows\system64\WindowsPowerShell\v1.0\PSEvents.dll
+ 2009-07-13 23:53 . 2009-07-14 01:41 39936 c:\windows\system64\wincredprovider.dll
+ 2009-07-13 23:30 . 2009-07-14 01:41 16384 c:\windows\system64\winbrand.dll
+ 2009-07-13 23:53 . 2009-07-14 01:41 57344 c:\windows\system64\WinBioPlugIns\winbiostorageadapter.dll
+ 2009-07-13 23:53 . 2009-07-14 01:41 13824 c:\windows\system64\WinBioPlugIns\winbiosensoradapter.dll
+ 2009-07-13 23:53 . 2009-07-14 01:41 78848 c:\windows\system64\winbio.dll
+ 2009-07-14 00:35 . 2009-07-14 01:39 36352 c:\windows\system64\wiawow64.exe
+ 2009-07-14 00:35 . 2009-07-14 01:41 14848 c:\windows\system64\wiatrace.dll
+ 2009-07-14 00:35 . 2009-07-14 01:41 99328 c:\windows\system64\wiascanprofiles.dll
+ 2009-07-14 00:35 . 2009-07-14 01:41 43520 c:\windows\system64\wiarpc.dll
+ 2009-07-14 00:36 . 2009-07-14 01:39 96256 c:\windows\system64\wiaacmgr.exe
+ 2009-07-13 23:25 . 2009-07-14 01:39 52736 c:\windows\system64\whoami.exe
+ 2009-07-14 00:10 . 2009-07-14 01:41 18944 c:\windows\system64\whhelper.dll
+ 2009-07-13 23:25 . 2009-07-14 01:39 43008 c:\windows\system64\where.exe
+ 2009-07-13 23:31 . 2009-07-14 01:41 35328 c:\windows\system64\whealogr.dll
+ 2009-07-14 00:08 . 2009-07-14 01:41 85504 c:\windows\system64\WfHC.dll
+ 2009-07-14 00:08 . 2009-07-14 01:41 22528 c:\windows\system64\wfapigp.dll
+ 2009-07-13 23:40 . 2009-07-14 01:41 76800 c:\windows\system64\wersvc.dll
+ 2009-07-13 23:40 . 2009-07-14 01:39 50688 c:\windows\system64\wermgr.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24 26112 c:\windows\system64\WerFaultSecure.exe
+ 2009-07-13 23:40 . 2009-07-14 01:41 34304 c:\windows\system64\werdiagcontroller.dll
+ 2009-07-13 23:40 . 2009-07-14 01:41 84480 c:\windows\system64\wercplsupport.dll
+ 2009-07-13 23:46 . 2009-07-14 01:41 88576 c:\windows\system64\wecapi.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 36352 c:\windows\system64\wdiasqmmodule.dll
+ 2010-11-21 03:09 . 2011-11-28 14:50 39992 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-04 05:42 44442 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-06 18:58 . 2011-12-04 05:42 10604 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1908829300-2548605985-3392525376-1000_UserData.bin
+ 2009-07-13 23:31 . 2009-07-14 01:41 90624 c:\windows\system64\wdi.dll
+ 2009-07-13 23:38 . 2009-07-14 01:41 40960 c:\windows\system64\WcsPlugInService.dll
+ 2009-07-14 00:08 . 2009-07-14 01:41 35328 c:\windows\system64\WcnNetsh.dll
+ 2009-07-14 00:08 . 2009-07-14 01:41 25088 c:\windows\system64\WcnEapPeerProxy.dll
+ 2009-07-14 00:08 . 2009-07-14 01:41 24576 c:\windows\system64\WcnEapAuthProxy.dll
+ 2009-07-13 23:47 . 2009-07-14 01:41 62976 c:\windows\system64\wbem\xml\wmi2xml.dll
+ 2009-07-13 23:47 . 2009-07-14 01:41 54272 c:\windows\system64\wbem\wmitimep.dll
+ 2009-07-13 23:47 . 2009-07-14 01:41 59904 c:\windows\system64\wbem\WMIPSESS.dll
+ 2009-07-13 23:47 . 2009-07-14 01:41 89088 c:\windows\system64\wbem\WMIPIPRT.dll
+ 2009-07-13 23:31 . 2009-07-14 01:41 64512 c:\windows\system64\wbem\WmiPerfInst.dll
+ 2009-07-13 23:47 . 2009-07-14 01:41 53760 c:\windows\system64\wbem\wmipdfs.dll
+ 2009-07-13 23:47 . 2009-07-14 01:41 96256 c:\windows\system64\wbem\WMICOOKR.dll
+ 2009-07-13 23:46 . 2009-07-14 01:39 79872 c:\windows\system64\wbem\WinMgmt.exe
+ 2009-07-13 23:22 . 2009-07-14 01:41 99840 c:\windows\system64\wbem\Win32_EncryptableVolume.dll
+ 2009-07-13 23:46 . 2009-07-14 01:41 64512 c:\windows\system64\wbem\wbemsvc.dll
+ 2009-07-13 23:46 . 2009-07-14 01:41 43520 c:\windows\system64\wbem\wbemprox.dll
+ 2009-07-13 23:46 . 2009-07-14 01:41 75776 c:\windows\system64\wbem\wbemcons.dll
+ 2009-07-13 23:47 . 2009-07-14 01:39 47104 c:\windows\system64\wbem\unsecapp.exe
+ 2009-07-13 23:46 . 2009-07-14 01:41 48128 c:\windows\system64\wbem\SMTPCons.dll
+ 2009-07-13 23:47 . 2009-07-14 01:39 48128 c:\windows\system64\wbem\scrcons.exe
+ 2009-07-13 23:47 . 2009-07-14 01:41 78336 c:\windows\system64\wbem\NCProv.dll
+ 2009-07-13 23:47 . 2009-07-14 01:41 76288 c:\windows\system64\wbem\mofinstall.dll
+ 2009-07-13 23:47 . 2009-07-14 01:39 22528 c:\windows\system64\wbem\mofcomp.exe
+ 2009-07-13 23:47 . 2009-07-14 01:41 20480 c:\windows\system64\wbem\MMFUtil.dll
+ 2009-07-13 23:47 . 2009-07-14 01:41 44544 c:\windows\system64\wbem\KrnlProv.dll
+ 2010-11-21 03:25 . 2010-11-21 03:25 61952 c:\windows\system64\WavDest.dll
+ 2009-07-13 23:25 . 2009-07-14 01:39 44544 c:\windows\system64\waitfor.exe
+ 2009-07-14 00:22 . 2009-07-14 01:41 72192 c:\windows\system64\WABSyncProvider.dll
+ 2009-07-13 23:53 . 2009-07-14 01:41 35328 c:\windows\system64\w32topl.dll
+ 2009-07-13 23:49 . 2009-07-14 01:39 81408 c:\windows\system64\w32tm.exe
+ 2009-07-13 23:36 . 2009-07-14 01:41 76800 c:\windows\system64\vsstrace.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 61952 c:\windows\system64\vss_ps.dll
+ 2010-11-21 03:23 . 2010-11-21 03:23 38912 c:\windows\system64\vpnikeapi.dll
+ 2009-07-13 23:25 . 2009-07-14 01:41 21504 c:\windows\system64\virtdisk.dll
+ 2009-07-13 23:38 . 2009-07-13 23:38 15360 c:\windows\system64\vga.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 68096 c:\windows\system64\vfwwdm32.dll
+ 2009-07-13 23:57 . 2009-07-14 01:41 29184 c:\windows\system64\version.dll
+ 2009-07-13 23:57 . 2009-07-14 01:39 11776 c:\windows\system64\verclsid.exe
+ 2009-07-13 23:36 . 2009-07-14 01:41 55296 c:\windows\system64\vdsvd.dll
+ 2009-07-13 23:36 . 2009-07-14 01:39 22528 c:\windows\system64\vdsldr.exe
+ 2009-07-13 23:53 . 2009-07-14 01:39 40448 c:\windows\system64\VaultSysUi.exe
+ 2009-07-13 23:53 . 2009-07-14 01:41 80384 c:\windows\system64\VaultCredProvider.dll
+ 2009-07-13 23:53 . 2009-07-14 01:39 27136 c:\windows\system64\VaultCmd.exe
+ 2009-07-13 23:52 . 2009-07-14 01:41 41984 c:\windows\system64\vaultcli.dll
+ 2009-07-13 23:37 . 2009-07-14 01:41 38912 c:\windows\system64\uxsms.dll
+ 2009-07-13 23:54 . 2009-07-14 01:41 25088 c:\windows\system64\UXInit.dll
+ 2009-07-14 00:17 . 2009-07-14 01:41 34816 c:\windows\system64\utildll.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 30720 c:\windows\system64\userinit.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24 84480 c:\windows\system64\UserAccountControlSettings.dll
+ 2009-07-14 00:06 . 2009-07-14 01:41 13312 c:\windows\system64\usbperf.dll
+ 2009-07-14 00:39 . 2009-07-14 01:41 45056 c:\windows\system64\usbmon.dll
+ 2009-07-14 00:06 . 2009-07-14 01:41 27648 c:\windows\system64\usbceip.dll
+ 2009-07-13 23:24 . 2009-07-14 01:41 29184 c:\windows\system64\ureg.dll
+ 2009-07-14 00:10 . 2009-07-14 01:39 25600 c:\windows\system64\upnpcont.exe
+ 2009-07-13 23:31 . 2009-07-14 01:39 40448 c:\windows\system64\unlodctr.exe
+ 2009-07-14 00:10 . 2009-07-14 01:41 23040 c:\windows\system64\uniplat.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 73216 c:\windows\system64\unimdmat.dll
+ 2009-07-14 00:10 . 2009-07-14 01:41 20480 c:\windows\system64\umdmxfrm.dll
+ 2010-11-21 03:23 . 2010-11-21 03:23 59904 c:\windows\system64\umb.dll
+ 2009-07-14 00:10 . 2009-07-14 01:41 42496 c:\windows\system64\uicom.dll
+ 2009-07-13 23:52 . 2009-07-14 01:39 40960 c:\windows\system64\UI0Detect.exe
+ 2009-07-13 23:25 . 2009-07-14 01:41 87040 c:\windows\system64\uexfat.dll
+ 2009-07-14 00:10 . 2009-07-14 01:41 53248 c:\windows\system64\udhisapi.dll
+ 2009-07-13 23:22 . 2009-07-14 01:39 41984 c:\windows\system64\ucsvc.exe
+ 2009-07-14 00:08 . 2009-07-14 01:41 57856 c:\windows\system64\ucmhc.dll
+ 2010-11-21 03:23 . 2010-11-21 03:23 58368 c:\windows\system64\tzutil.exe
+ 2009-07-13 23:31 . 2009-07-14 01:39 47104 c:\windows\system64\typeperf.exe
+ 2009-07-13 23:19 . 2009-07-14 01:41 11776 c:\windows\system64\txfw32.dll
+ 2009-07-14 00:20 . 2009-07-14 01:41 34816 c:\windows\system64\tvratings.dll
+ 2009-07-14 01:01 . 2009-06-10 20:31 34624 c:\windows\system64\TsWpfWrp.exe
+ 2009-07-14 00:16 . 2009-07-14 01:39 52224 c:\windows\system64\TSWbPrxy.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24 12288 c:\windows\system64\TsUsbRedirectionGroupPolicyExtension.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 40960 c:\windows\system64\TsUsbGDCoInstaller.dll
+ 2009-07-14 00:17 . 2009-07-14 01:39 46592 c:\windows\system64\TSTheme.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24 86016 c:\windows\system64\TSpkg.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 44032 c:\windows\system64\tsgqec.dll
+ 2009-07-14 00:16 . 2009-07-14 00:16 17408 c:\windows\system64\tsddd.dll
+ 2009-07-13 23:46 . 2009-07-14 01:41 17408 c:\windows\system64\TSChannel.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 14848 c:\windows\system64\tsbyuv.dll
+ 2009-07-13 23:25 . 2009-07-13 23:25 18944 c:\windows\system64\tree.com
+ 2010-11-21 03:24 . 2010-11-21 03:24 21504 c:\windows\system64\TRAPI.dll
+ 2009-07-14 00:09 . 2009-07-14 01:41 39424 c:\windows\system64\traffic.dll
+ 2009-07-14 00:10 . 2009-07-14 01:39 13824 c:\windows\system64\TRACERT.EXE
+ 2009-07-13 23:21 . 2009-07-14 01:41 42496 c:\windows\system64\tpmcompc.dll
+ 2011-08-30 10:11 . 2011-02-17 23:42 99320 c:\windows\system64\tosWirelessLANIndicatorCP.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 73728 c:\windows\system64\tlscsp.dll
+ 2009-07-13 23:25 . 2009-07-14 01:39 33280 c:\windows\system64\timeout.exe
+ 2009-07-13 23:22 . 2009-07-14 01:41 10240 c:\windows\system64\TimeDateMUICallback.dll
+ 2009-07-13 23:54 . 2009-07-14 01:41 44544 c:\windows\system64\themeservice.dll
+ 2009-07-14 00:10 . 2009-07-14 01:39 10240 c:\windows\system64\TCPSVCS.EXE
+ 2009-07-14 00:39 . 2009-07-14 01:41 73216 c:\windows\system64\tcpmonui.dll
+ 2009-07-14 00:39 . 2009-07-14 01:41 38912 c:\windows\system64\tcpmib.dll
+ 2009-07-14 00:40 . 2009-07-14 01:39 15360 c:\windows\system64\tcmsetup.exe
+ 2009-07-13 23:21 . 2009-07-14 01:41 65536 c:\windows\system64\tbssvc.dll
+ 2009-07-13 23:21 . 2009-07-14 01:41 19968 c:\windows\system64\tbs.dll
+ 2009-07-13 23:46 . 2009-07-14 01:41 55296 c:\windows\system64\TaskSchdPS.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 69120 c:\windows\system64\taskhost.exe
+ 2009-07-14 00:41 . 2009-07-14 01:39 13312 c:\windows\system64\TapiUnattend.exe
+ 2009-07-14 00:41 . 2009-07-14 01:41 11776 c:\windows\system64\TapiSysprep.dll
+ 2009-07-14 00:40 . 2009-07-14 01:41 11264 c:\windows\system64\tapiperf.dll
+ 2009-07-14 00:40 . 2009-07-14 01:41 35328 c:\windows\system64\tapilua.dll
+ 2010-11-21 03:23 . 2010-11-21 03:23 63488 c:\windows\system64\takeown.exe
+ 2010-11-21 03:25 . 2010-11-21 03:25 92672 c:\windows\system64\TabSvc.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 78848 c:\windows\system64\tabcal.exe
+ 2009-07-14 00:01 . 2009-07-14 01:41 66560 c:\windows\system64\TabbtnEx.dll
+ 2009-07-13 23:56 . 2009-07-14 01:39 82432 c:\windows\system64\SystemPropertiesRemote.exe
+ 2009-07-13 23:56 . 2009-07-14 01:39 82432 c:\windows\system64\SystemPropertiesProtection.exe
+ 2009-07-13 23:56 . 2009-07-14 01:39 82432 c:\windows\system64\SystemPropertiesPerformance.exe
+ 2009-07-13 23:56 . 2009-07-14 01:39 82432 c:\windows\system64\SystemPropertiesHardware.exe
+ 2009-07-13 23:56 . 2009-07-14 01:39 82432 c:\windows\system64\SystemPropertiesDataExecutionPrevention.exe
+ 2009-07-13 23:56 . 2009-07-14 01:39 82432 c:\windows\system64\SystemPropertiesComputerName.exe
+ 2009-07-13 23:56 . 2009-07-14 01:39 82432 c:\windows\system64\SystemPropertiesAdvanced.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24 17408 c:\windows\system64\syssetup.dll
+ 2009-07-13 23:52 . 2009-07-14 01:41 23040 c:\windows\system64\sysntfy.dll
+ 2009-07-13 23:50 . 2009-07-14 01:39 33792 c:\windows\system64\syskey.exe
+ 2009-07-14 00:22 . 2009-07-14 01:41 73728 c:\windows\system64\Syncreg.dll
+ 2009-07-14 00:22 . 2009-07-14 01:41 37888 c:\windows\system64\SyncInfrastructureps.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 12800 c:\windows\system64\SyncHostps.dll
+ 2009-07-14 00:22 . 2009-07-14 01:39 43520 c:\windows\system64\SyncHost.exe
+ 2009-07-13 23:55 . 2009-07-14 01:41 95232 c:\windows\system64\synceng.dll
+ 2009-07-13 23:26 . 2009-07-14 01:39 35328 c:\windows\system64\sxstrace.exe
+ 2009-07-13 23:26 . 2009-07-14 01:41 27136 c:\windows\system64\sxsstore.dll
+ 2009-07-13 23:26 . 2009-07-14 01:41 31744 c:\windows\system64\sxssrv.dll
+ 2009-07-13 23:36 . 2009-07-14 01:41 42496 c:\windows\system64\sxshared.dll
+ 2009-07-13 23:36 . 2009-07-14 01:41 75776 c:\windows\system64\sxproxy.dll
+ 2011-05-13 05:17 . 2011-03-01 08:07 27648 c:\windows\system64\svchost.exe
+ 2009-07-13 23:25 . 2009-07-14 01:39 15360 c:\windows\system64\subst.exe
+ 2009-07-14 00:18 . 2009-07-14 01:45 24144 c:\windows\system64\streamci.dll
+ 2009-07-14 00:01 . 2009-07-14 01:41 70144 c:\windows\system64\Storprop.dll
+ 2009-07-13 23:57 . 2009-07-14 01:41 75776 c:\windows\system64\StorageContextHandler.dll
+ 2009-07-13 23:59 . 2009-07-14 01:41 66560 c:\windows\system64\stclient.dll
+ 2009-07-14 00:10 . 2009-07-14 01:41 75264 c:\windows\system64\sstpsvc.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 29184 c:\windows\system64\sspisrv.dll
+ 2009-07-14 00:10 . 2009-07-14 01:41 51200 c:\windows\system64\ssdpapi.dll
+ 2010-11-21 03:23 . 2010-11-21 03:23 13312 c:\windows\system64\sscore.dll
+ 2009-07-13 23:36 . 2009-07-14 01:41 26624 c:\windows\system64\srwmi.dll
+ 2009-07-13 23:36 . 2009-07-14 01:41 86528 c:\windows\system64\srhelper.dll
+ 2009-07-13 23:36 . 2009-07-14 01:39 18944 c:\windows\system64\srdelayed.exe
+ 2009-07-13 23:36 . 2009-07-14 01:41 50176 c:\windows\system64\srclient.dll
+ 2009-07-13 23:29 . 2009-07-14 01:41 13824 c:\windows\system64\spwinsat.dll
+ 2009-07-13 23:52 . 2009-07-14 01:41 65536 c:\windows\system64\sppuinotify.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 18944 c:\windows\system64\spopk.dll
+ 2009-07-14 00:39 . 2009-07-14 01:41 57856 c:\windows\system64\spoolss.dll
+ 2011-09-16 14:52 . 2007-12-10 00:00 55808 c:\windows\system64\spool\prtprocs\x64\ZIMFPRNT.DLL
+ 2010-11-21 03:24 . 2010-11-21 03:24 39424 c:\windows\system64\spool\prtprocs\x64\winprint.dll
+ 2011-09-06 21:49 . 2011-10-06 18:56 59776 c:\windows\system64\spool\prtprocs\x64\LMIproc.dll
+ 2009-07-14 00:03 . 2009-07-14 01:41 27648 c:\windows\system64\spool\prtprocs\x64\jnwppr.dll
+ 2011-09-07 17:48 . 2007-04-09 18:23 46472 c:\windows\system64\spool\drivers\x64\mdiui.dll
+ 2011-09-06 21:49 . 2011-10-06 18:56 65408 c:\windows\system64\spool\drivers\x64\LMIprinterui.dll
+ 2011-09-06 21:49 . 2011-10-06 18:56 65408 c:\windows\system64\spool\drivers\x64\LMIprinterdat.dll
+ 2011-09-06 21:49 . 2011-10-06 18:56 53120 c:\windows\system64\spool\drivers\x64\LMIprinter.dll
+ 2011-09-16 14:52 . 2007-12-10 00:00 49664 c:\windows\system64\spool\drivers\x64\3\ZTAG.DLL
+ 2011-09-16 14:52 . 2007-12-10 00:00 66560 c:\windows\system64\spool\drivers\x64\3\ZSDNT5UI.DLL
+ 2011-09-16 14:52 . 2007-12-10 00:00 71680 c:\windows\system64\spool\drivers\x64\3\ZSDIMF.DLL
+ 2011-09-16 14:52 . 2007-12-10 00:00 55296 c:\windows\system64\spool\drivers\x64\3\ZQDPRINT.DLL
+ 2011-09-16 14:52 . 2007-12-10 00:00 61440 c:\windows\system64\spool\drivers\x64\3\ZJBIG.DLL
+ 2011-09-16 14:52 . 2007-12-10 00:00 55808 c:\windows\system64\spool\drivers\x64\3\ZIMFPRNT.DLL
+ 2011-09-16 14:52 . 2007-12-10 00:00 61952 c:\windows\system64\spool\drivers\x64\3\ZIMF.DLL
+ 2011-09-06 21:49 . 2011-10-06 18:56 65408 c:\windows\system64\spool\drivers\x64\3\LMIprinterui.dll
+ 2011-09-06 21:49 . 2011-10-06 18:56 65408 c:\windows\system64\spool\drivers\x64\3\LMIprinterdat.dll
+ 2011-09-06 21:49 . 2011-10-06 18:56 53120 c:\windows\system64\spool\drivers\x64\3\LMIprinter.dll
+ 2009-07-14 00:03 . 2009-07-14 01:41 98816 c:\windows\system64\spool\drivers\x64\3\jnwdui.dll
+ 2010-10-25 20:13 . 2010-10-25 20:13 36240 c:\windows\system64\spool\drivers\x64\3\ADREGP.DLL
+ 2010-10-25 20:13 . 2010-10-25 20:13 24984 c:\windows\system64\spool\drivers\x64\3\AdobePDFUI.dll
+ 2010-10-25 20:13 . 2010-10-25 20:13 53656 c:\windows\system64\spool\drivers\x64\3\AdobePdf.dll
+ 2009-07-13 23:29 . 2009-07-14 01:41 10240 c:\windows\system64\spnet.dll
+ 2009-07-13 23:26 . 2009-07-14 01:41 97792 c:\windows\system64\spfileq.dll
+ 2009-07-14 00:34 . 2009-07-14 01:41 40448 c:\windows\system64\Speech\SpeechUX\SpeechUXPS.DLL
+ 2009-07-13 23:35 . 2009-07-14 01:41 13312 c:\windows\system64\spcmsg.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 78848 c:\windows\system64\spbcd.dll
+ 2009-07-13 23:26 . 2009-07-14 01:41 78848 c:\windows\system64\SortWindows6Compat.dll
+ 2009-07-13 23:26 . 2009-07-14 01:41 51200 c:\windows\system64\SortServer2003Compat.dll
+ 2009-07-13 23:25 . 2009-07-14 01:39 22528 c:\windows\system64\sort.exe
+ 2009-07-14 00:10 . 2009-07-14 01:39

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 04 December 2011 - 01:36 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened and the that I need posted back here
- Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
Please post the contents of OTL.txt in your next reply.

Gringo

<-- Don't worry every little bit helps.

#9 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 07 December 2011 - 09:30 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

<-- Don't worry every little bit helps.

#10 Maverick753

Member

Group: Members
Posts: 52
Joined: 08-August 11

Posted 07 December 2011 - 07:37 PM

Thank you Gringo. I am running the scan now.

I have noticed that there are still 2 problems

1) the AOL redirect continues, after some searches in FireFox
2) the volume icon in my system tray is now missing, and when I tried to adjust it, the option is blacked out [see attached[

I will post the OTL logs as soon as they are ready.

Attached File(s)

volume-icon-missing.png (35.96K)
Number of downloads: 3

#11 Maverick753

Member

Group: Members
Posts: 52
Joined: 08-August 11

Posted 07 December 2011 - 07:38 PM

Here is the OTL log:

OTL logfile created on: 12/7/2011 6:34:31 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\AMDG2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.60 Gb Available Physical Memory | 60.92% Memory free
11.82 Gb Paging File | 9.44 Gb Available in Paging File | 79.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.08 Gb Total Space | 458.16 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 698.52 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: AMDG2-PC | User Name: AMDG2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\AMDG2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Users\AMDG2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll ()
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (LMIRfsClientNP) -- C:\windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (CH341SER_A64) -- C:\Windows\SysNative\drivers\CH341S64.SYS (www.winchiphead.com)
DRV:64bit: - (CH341ENUM_A64) -- C:\Windows\SysNative\drivers\CH34EA64.sys (Windows ® Server 2003 DDK provider)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (motandroidusb) -- C:\Windows\SysNative\drivers\motoandroid.sys (Motorola)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (CH341SER_A64) -- C:\Windows\SysWOW64\drivers\CH341S64.SYS (www.winchiphead.com)
DRV - (CH341ENUM_A64) -- C:\Windows\SysWOW64\drivers\CH34EA64.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CD 76 95 0E 10 04 8D 44 93 CF B6 88 D6 79 0C 84 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CD 76 95 0E 10 04 8D 44 93 CF B6 88 D6 79 0C 84 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CD 76 95 0E 10 04 8D 44 93 CF B6 88 D6 79 0C 84 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CD 76 95 0E 10 04 8D 44 93 CF B6 88 D6 79 0C 84 [binary data]

IE - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CD 76 95 0E 10 04 8D 44 93 CF B6 88 D6 79 0C 84 [binary data]
IE - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20111013150046212&tb_oid=13-10-2011&tb_mrud=13-10-2011&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20111013150046212&tb_oid=13-10-2011&tb_mrud=13-10-2011&query="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/09 08:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 09:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/16 08:56:58 | 000,000,000 | ---D | M]

[2011/09/07 12:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AMDG2\AppData\Roaming\mozilla\Extensions
[2011/10/13 09:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AMDG2\AppData\Roaming\mozilla\Firefox\Profiles\2hoc2p9h.default\extensions
[2011/09/08 09:00:35 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\AMDG2\AppData\Roaming\mozilla\Firefox\Profiles\2hoc2p9h.default\extensions\LogMeInClient@logmein.com
[2011/10/13 09:02:20 | 000,002,354 | ---- | M] () -- C:\Users\AMDG2\AppData\Roaming\Mozilla\Firefox\Profiles\2hoc2p9h.default\searchplugins\aol-web-search.xml
[2011/11/09 09:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/16 12:06:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/11 23:08:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/09 09:10:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 15:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/02 12:11:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 09:10:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npqtplugin6.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\AMDG2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\AMDG2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2011/12/03 23:41:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000..\Run: [Akamai NetSession Interface] C:\Users\AMDG2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1908829300-2548605985-3392525376-1000\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.244.0.3 209.244.0.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FA2B22A-D20F-459F-AA82-8CF996D66E1D}: DhcpNameServer = 209.244.0.3 209.244.0.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F8F5B4E-81C4-4E41-9557-F892F6C3BD78}: DhcpNameServer = 147.9.143.101 147.9.143.102 147.9.143.103
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 18:33:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\AMDG2\Desktop\OTL.exe
[2011/12/06 16:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/12/06 16:42:09 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\AppData\Local\{A3C237F1-A791-4CC5-8FAC-4073693792C9}
[2011/12/06 15:37:00 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\AppData\Local\Windows Live
[2011/12/06 15:36:52 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\AppData\Local\{CD24C77B-C30D-47A5-92DC-1E3139CD88F8}
[2011/12/06 15:36:31 | 000,000,000 | R--D | C] -- C:\Users\AMDG2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer - Shortcut
[2011/12/06 15:30:02 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\AppData\Local\{8443AF10-AF2D-4F0D-B363-578900712213}
[2011/12/06 11:54:58 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\AppData\Local\{33117947-E819-4851-B8E5-66F73528B061}
[2011/12/04 14:24:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/03 23:46:33 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/12/03 23:34:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/03 17:04:30 | 000,000,000 | ---D | C] -- C:\windows\system64
[2011/12/01 00:42:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/12/01 00:42:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/12/01 00:42:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/12/01 00:42:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/01 00:40:59 | 004,323,419 | R--- | C] (Swearware) -- C:\Users\AMDG2\Desktop\ComboFix.exe
[2011/11/26 23:11:13 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\Documents\medical
[2011/11/24 22:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/11/24 22:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2011/11/24 22:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2011/11/24 16:14:33 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\Documents\Amazon MP3
[2011/11/24 16:14:33 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\AppData\Roaming\Amazon
[2011/11/24 16:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/11/24 16:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2011/11/24 13:11:37 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\Documents\Journals
[2011/11/23 21:03:22 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\Documents\Outlook Files
[2011/11/19 14:09:16 | 000,000,000 | ---D | C] -- C:\Users\AMDG2\Documents\stl
[2011/11/19 12:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2011/11/19 12:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2011/11/19 12:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite
[2011/11/19 12:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carbonite
[2011/11/17 09:22:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[1 C:\Users\AMDG2\Desktop\*.tmp files -> C:\Users\AMDG2\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/07 18:33:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\AMDG2\Desktop\OTL.exe
[2011/12/07 18:28:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/07 18:28:35 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/07 15:53:52 | 000,733,692 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/12/07 15:53:52 | 000,629,182 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/12/07 15:53:52 | 000,108,366 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/12/07 13:00:16 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 13:00:16 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 11:47:58 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 16:50:06 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/12/03 23:41:14 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/12/03 23:40:33 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/03 17:15:00 | 000,010,272 | -HS- | M] () -- C:\Users\AMDG2\AppData\Local\m2bd12w3tu8ghw
[2011/12/03 17:15:00 | 000,010,272 | -HS- | M] () -- C:\ProgramData\m2bd12w3tu8ghw
[2011/12/01 01:22:41 | 000,149,196 | -H-- | M] () -- C:\windows\SysWow64\mlfcache.dat
[2011/12/01 00:41:02 | 004,323,419 | R--- | M] (Swearware) -- C:\Users\AMDG2\Desktop\ComboFix.exe
[2011/11/24 22:39:03 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/11/24 22:38:52 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/11/24 22:38:51 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/11/24 22:38:43 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/11/24 22:38:43 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/11/24 22:05:44 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/11/24 19:32:57 | 000,000,000 | ---- | M] () -- C:\windows\ToDisc.INI
[2011/11/24 16:13:22 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/11/23 21:03:36 | 000,001,106 | ---- | M] () -- C:\Users\AMDG2\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/11/19 12:53:01 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2011/11/17 09:22:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/12 07:51:56 | 000,339,584 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\Users\AMDG2\Desktop\*.tmp files -> C:\Users\AMDG2\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/06 16:50:06 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/12/03 17:04:13 | 000,010,272 | -HS- | C] () -- C:\Users\AMDG2\AppData\Local\m2bd12w3tu8ghw
[2011/12/03 17:04:13 | 000,010,272 | -HS- | C] () -- C:\ProgramData\m2bd12w3tu8ghw
[2011/12/01 01:22:41 | 000,149,196 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/12/01 00:42:44 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/12/01 00:42:44 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/12/01 00:42:44 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/12/01 00:42:44 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/12/01 00:42:44 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/11/24 22:39:03 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/11/24 22:38:52 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/11/24 22:38:51 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/11/24 22:38:43 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/11/24 22:38:43 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/11/24 22:05:44 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/11/24 19:32:57 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI
[2011/11/24 16:13:22 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/11/23 21:03:36 | 000,001,106 | ---- | C] () -- C:\Users\AMDG2\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/11/19 12:53:01 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2011/10/12 09:22:12 | 000,000,298 | ---- | C] () -- C:\ProgramData\LastUpdate.xml
[2011/10/12 09:22:12 | 000,000,031 | ---- | C] () -- C:\windows\WebUpdateSvc4.INI
[2011/09/15 19:59:01 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
[2011/09/07 11:48:31 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/09/06 14:50:10 | 000,746,906 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/30 04:11:33 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 21:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 21:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 21:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 20:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2010/11/09 13:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll
[2010/06/10 08:34:20 | 000,319,488 | ---- | C] () -- C:\windows\SysWow64\DLXAPI32.DLL
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\AMDG2\Downloads:Shareaza.GUID

< End of report >

#12 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 08 December 2011 - 12:07 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

Double-click OTL.exe to start the program.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word Code

:otl
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
@Alternate Data Stream - 16 bytes -> C:\Users\AMDG2\Downloads:Shareaza.GUID
[2011/10/02 12:11:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 09:10:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/12/03 17:15:00 | 000,010,272 | -HS- | M] () -- C:\Users\AMDG2\AppData\Local\m2bd12w3tu8ghw
[2011/12/03 17:15:00 | 000,010,272 | -HS- | M] () -- C:\ProgramData\m2bd12w3tu8ghw
[2011/12/03 17:04:13 | 000,010,272 | -HS- | C] () -- C:\Users\AMDG2\AppData\Local\m2bd12w3tu8ghw
[2011/12/03 17:04:13 | 000,010,272 | -HS- | C] () -- C:\ProgramData\m2bd12w3tu8ghw
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[emptyjava]
[EMPTYFLASH]
[RESETHOSTS]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

<-- Don't worry every little bit helps.

#13 Maverick753

Member

Group: Members
Posts: 52
Joined: 08-August 11

Posted 10 December 2011 - 09:26 PM

Below is the OTL log after running that script. I still am seeing the AOL search redirect happening in Firefox.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Unable to delete ADS C:\Users\AMDG2\Downloads:Shareaza.GUID .
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
C:\Users\AMDG2\AppData\Local\m2bd12w3tu8ghw moved successfully.
C:\ProgramData\m2bd12w3tu8ghw moved successfully.
File C:\Users\AMDG2\AppData\Local\m2bd12w3tu8ghw not found.
File C:\ProgramData\m2bd12w3tu8ghw not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\AMDG2\Desktop\cmd.bat deleted successfully.
C:\Users\AMDG2\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AMDG2
->Temp folder emptied: 1997254 bytes
->Temporary Internet Files folder emptied: 47526754 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 327270193 bytes
->Google Chrome cache emptied: 29033160 bytes
->Apple Safari cache emptied: 30147584 bytes
->Opera cache emptied: 46202 bytes
->Flash cache emptied: 66167 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3370248 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 83369 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 419.00 mb

[EMPTYJAVA]

User: All Users

User: AMDG2
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: AMDG2
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12102011_200237

Files\Folders moved on Reboot...
C:\Users\AMDG2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#14 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,524
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 10 December 2011 - 09:40 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

Double-click OTL.exe to start the program.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word Code

:OTL
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20111013150046212&tb_oid=13-10-2011&tb_mrud=13-10-2011&query="
[2011/10/13 09:02:20 | 000,002,354 | ---- | M] () -- C:\Users\AMDG2\AppData\Roaming\Mozilla\Firefox\Profiles\2hoc2p9h.default\searchplugins\aol-web-search.xml
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[emptyjava]
[EMPTYFLASH]
[RESETHOSTS]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

<-- Don't worry every little bit helps.

#15 Maverick753

Member

Group: Members
Posts: 52
Joined: 08-August 11

Posted 11 December 2011 - 02:29 PM

Thank You. Below is the log. It appears that the AOL search redirect is now gone!

All processes killed
========== OTL ==========
Prefs.js: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20111013150046212&tb_oid=13-10-2011&tb_mrud=13-10-2011&query=" removed from keyword.URL
C:\Users\AMDG2\AppData\Roaming\Mozilla\Firefox\Profiles\2hoc2p9h.default\searchplugins\aol-web-search.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\AMDG2\Desktop\cmd.bat deleted successfully.
C:\Users\AMDG2\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AMDG2
->Temp folder emptied: 209615 bytes
->Temporary Internet Files folder emptied: 63194 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68906480 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 4115 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19917 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 66.00 mb

[EMPTYJAVA]

User: All Users

User: AMDG2
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: AMDG2
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12112011_130917

Files\Folders moved on Reboot...
C:\Users\AMDG2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...