
Google Redirect Firefox


This topic is locked
8 replies to this topic

#1 Taro Matsuno

  • Members
  • 5 posts

Posted 28 November 2010 - 04:41 PM

Hi, I seem to have gotten the Google redirect malware on my computer. Once in a while when I click on a Google search result I get redirected to some other site, Happili has shown up more than a few times, as well as some other sites. Any ideas?


DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Taro at 14:39:34.82 on Sun 11/28/2010
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4061.2450 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Songkick\Songkicker\Songkicker.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Taro\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Taro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Songkicker] C:\Program Files (x86)\Songkick\Songkicker\Songkicker.exe
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Drivers] Drivers.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Taro\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.songkick.com/calendar?utm_campaign=upcoming%2Fdaily_digest&utm_medium=email&utm_source=skemail
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Taro\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: XULRunner: {B49BB467-DA4D-403C-A136-B894905D52DB} - C:\Users\Taro\AppData\Local\{B49BB467-DA4D-403C-A136-B894905D52DB}
FF - Extension: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-6 55856]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2009-8-15 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2009-8-15 35536]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-11-6 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-6 203264]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-13 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-8-6 36392]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-8-6 172704]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-5-14 5435904]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\System32\drivers\OA008Ufd.sys [2009-8-6 158592]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\System32\drivers\OA008Vid.sys [2009-8-6 310784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-12 1038088]
S3 MADFUFTU;Service for M-Audio FastTrackUltra DFU;C:\Windows\System32\drivers\MAudioFastTrackUltra_DFU.sys [2009-9-25 45832]
S3 MAUSBFASTTRACKULTRA;Service for M-Audio Fast Track Ultra;C:\Windows\System32\drivers\MAudioFastTrackUltra.sys [2009-9-25 195592]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]

=============== Created Last 30 ================

2010-11-24 16:46:02 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 16:46:02 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

============= FINISH: 14:41:39.07 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 05 December 2010 - 02:06 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having, as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 users: please right-click and "Run as administrator" all programs that I ask you to run.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the OTL.Txt into this topic and please attach the Extras.Txt.


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • The two logs from OTL
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Taro Matsuno
  • Topic Starter

  • Members
  • 5 posts

Posted 05 December 2010 - 02:43 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5173

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/5/2010 1:28:25 PM
mbam-log-2010-12-05 (13-28-25).txt

Scan type: Quick scan
Objects scanned: 146033
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 12/5/2010 1:33:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Taro\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 41.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 20.49 Gb Free Space | 4.54% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.10 Gb Free Space | 48.48% Space Free | Partition Type: NTFS

Computer Name: TARO-DELL | User Name: Taro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Taro\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Songkick\Songkicker\Songkicker.exe ()
PRC - C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)


========== Modules (SafeList) ==========

MOD - C:\Users\Taro\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (MADFUFTU) -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra_DFU.sys (M-Audio)
DRV:64bit: - (MAUSBFASTTRACKULTRA) -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra.sys (Avid Technology, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\drivers\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\drivers\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.songkick.com/calendar?utm_campaign=upcoming%2Fdaily_digest&utm_medium=email&utm_source=skemail"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {B49BB467-DA4D-403C-A136-B894905D52DB}:1.9.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/01 16:35:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/02 11:28:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/31 15:57:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/12/02 11:28:46 | 000,000,000 | ---D | M]

[2010/09/14 18:35:54 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Mozilla\Extensions
[2010/09/14 18:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taro\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/08/22 00:14:16 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/12/04 15:55:05 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions
[2010/11/22 18:49:39 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/22 18:49:44 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/11/22 18:49:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/25 15:22:22 | 000,000,938 | ---- | M] () -- C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\searchplugins\facebook.xml
[2010/02/08 22:34:30 | 000,002,005 | ---- | M] () -- C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\searchplugins\grooveshark.xml
[2009/09/13 21:27:11 | 000,000,952 | ---- | M] () -- C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\searchplugins\youtube-video-search.xml
[2010/12/01 16:19:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/15 00:06:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/07 23:53:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/04/13 16:33:00 | 000,001,199 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [Drivers] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [Songkicker] C:\Program Files (x86)\Songkick\Songkicker\Songkicker.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.135.249.50 128.135.247.50
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Taro\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cca4c139-db9c-11de-85d6-002219fd4209}\Shell - "" = AutoRun
O33 - MountPoints2\{cca4c139-db9c-11de-85d6-002219fd4209}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2010/12/02 11:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/12/02 11:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/12/01 16:42:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MustBeRandomlyNamed
[2010/12/01 16:41:42 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\Taro\Desktop\RkU3.8.388.590.exe
[2010/12/01 16:41:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/30 17:18:36 | 000,000,000 | ---D | C] -- C:\Users\Taro\AppData\Local\Unity
[2010/11/13 14:35:35 | 000,000,000 | ---D | C] -- C:\Users\Taro\Desktop\minecraft cartographer
[2010/11/13 14:23:19 | 000,000,000 | ---D | C] -- C:\Users\Taro\Desktop\minecraft xray
[2009/08/26 22:13:18 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Taro\AppData\Roaming\DataSafeDotNet.exe
[3 C:\Users\Taro\Documents\*.tmp files -> C:\Users\Taro\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/05 13:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3195431066-852443905-1874087855-1000UA.job
[2010/12/05 10:04:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/05 08:07:51 | 068,526,442 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/12/04 16:30:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3195431066-852443905-1874087855-1000Core.job
[2010/12/03 16:04:21 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/03 16:04:21 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/03 15:55:23 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/03 01:16:43 | 000,027,423 | ---- | M] () -- C:\Users\Taro\Documents\Philosophy and Literature Term Paper.docx
[2010/12/03 01:07:44 | 000,022,357 | ---- | M] () -- C:\Users\Taro\Documents\Philosophy and Literature Term Paper Returned from Lisa.docx
[2010/12/02 22:35:50 | 000,002,397 | ---- | M] () -- C:\Users\Taro\Desktop\Google Chrome.lnk
[2010/12/02 11:28:49 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/02 11:27:09 | 000,001,936 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/02 11:27:07 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/12/01 16:48:33 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/12/01 16:20:07 | 000,001,965 | ---- | M] () -- C:\Users\Taro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/01 16:20:07 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/01 00:15:12 | 000,077,404 | ---- | M] () -- C:\Users\Taro\Documents\Bio 191 Lab Report 4.docx
[2010/11/30 17:02:46 | 000,015,772 | ---- | M] () -- C:\Users\Taro\Desktop\Can we say that we can learn from fiction.docx
[2010/11/30 13:53:59 | 000,115,980 | ---- | M] () -- C:\Users\Taro\Desktop\191 THURS BLOT3 12minexp.jpeg
[2010/11/29 12:53:32 | 000,743,794 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/29 12:53:32 | 000,635,850 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/29 12:53:32 | 000,111,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/28 14:54:31 | 000,000,162 | -H-- | M] () -- C:\Users\Taro\Documents\~$ilosophy and Literature Term Paper.docx
[2010/11/27 14:31:12 | 000,000,162 | -H-- | M] () -- C:\Users\Taro\Desktop\~$n we say that we can learn from fiction.docx
[2010/11/23 21:10:42 | 000,024,064 | ---- | M] () -- C:\Users\Taro\Documents\Bio 191 EQ 8.doc
[2010/11/23 21:09:44 | 000,024,064 | ---- | M] () -- C:\Users\Taro\Documents\MatsunoT EQ 8.doc
[2010/11/23 13:43:08 | 000,013,985 | ---- | M] () -- C:\Users\Taro\Documents\OChem Lab Report 6 Nucleophilic Substitution Reactions.docx
[2010/11/22 20:57:26 | 003,913,898 | ---- | M] () -- C:\Users\Taro\Desktop\ComboFix.exe
[2010/11/21 23:40:42 | 002,918,923 | ---- | M] () -- C:\Users\Taro\Desktop\Recording Test and practice.mp3
[2010/11/21 23:21:05 | 000,326,317 | ---- | M] () -- C:\Users\Taro\Desktop\Recording Test and practice.wav.asd
[2010/11/21 23:20:48 | 028,246,096 | ---- | M] () -- C:\Users\Taro\Desktop\Recording Test and practice.wav
[2010/11/18 16:33:38 | 000,059,904 | ---- | M] () -- C:\Users\Taro\Desktop\Second cohort biomass 11-18-10.xls
[2010/11/18 13:23:53 | 000,047,104 | ---- | M] () -- C:\Users\Taro\Desktop\Second cohort biomass(excel).xls
[2010/11/18 12:25:50 | 000,025,088 | ---- | M] () -- C:\Users\Taro\Documents\Bio 191 Week 8 Prelab Quiz.doc
[2010/11/18 12:02:49 | 000,017,371 | ---- | M] () -- C:\Users\Taro\Documents\Bio 191 Lab Report 3.docx
[2010/11/17 14:43:50 | 000,018,279 | ---- | M] () -- C:\Users\Taro\Desktop\Second cohort biomass.xlsx
[2010/11/17 00:08:20 | 000,023,040 | ---- | M] () -- C:\Users\Taro\Documents\Bio 191 EQ 7.doc
[2010/11/16 19:20:08 | 000,344,001 | ---- | M] () -- C:\Users\Taro\Desktop\chem220_2010_PS4_VK.pdf
[2010/11/16 03:18:36 | 000,000,584 | ---- | M] () -- C:\Users\Taro\Documents\grstyles.stl
[2010/11/16 03:16:14 | 000,040,839 | ---- | M] () -- C:\Users\Taro\Documents\OChem Lab Report 5 Resolution of + Phenylsuccinic Acid.docx
[2010/11/16 03:15:31 | 000,040,856 | ---- | M] () -- C:\Users\Taro\Documents\OChem Lab Report 4 Steam Distillation of R-Limonene.docx
[2010/11/10 22:14:41 | 000,045,756 | ---- | M] () -- C:\Users\Taro\Desktop\F10 MitoLabQuiz.pdf
[2010/11/10 22:14:36 | 004,977,607 | ---- | M] () -- C:\Users\Taro\Desktop\F10MitoHandout.pdf
[2010/11/09 20:21:23 | 000,011,980 | ---- | M] () -- C:\Users\Taro\Desktop\Week 6 Question.docx
[2010/11/09 02:19:28 | 000,000,162 | -H-- | M] () -- C:\Users\Taro\Documents\~$hem Lab Report 4 Steam Distillation of R-Limonene.docx
[2010/11/08 22:08:22 | 000,137,048 | ---- | M] () -- C:\Users\Taro\Desktop\1053468159X.pdf
[2010/11/07 16:43:38 | 000,192,826 | ---- | M] () -- C:\Users\Taro\Desktop\chem220_2010_PS3_final.pdf
[3 C:\Users\Taro\Documents\*.tmp files -> C:\Users\Taro\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/03 01:07:40 | 000,022,357 | ---- | C] () -- C:\Users\Taro\Documents\Philosophy and Literature Term Paper Returned from Lisa.docx
[2010/12/02 11:28:49 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/02 11:27:09 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/02 11:27:07 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/12/01 16:42:31 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/12/01 16:20:07 | 000,001,965 | ---- | C] () -- C:\Users\Taro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/01 16:20:07 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/30 23:49:04 | 000,077,404 | ---- | C] () -- C:\Users\Taro\Documents\Bio 191 Lab Report 4.docx
[2010/11/30 13:53:19 | 000,115,980 | ---- | C] () -- C:\Users\Taro\Desktop\191 THURS BLOT3 12minexp.jpeg
[2010/11/28 14:54:31 | 000,000,162 | -H-- | C] () -- C:\Users\Taro\Documents\~$ilosophy and Literature Term Paper.docx
[2010/11/28 13:32:03 | 000,027,423 | ---- | C] () -- C:\Users\Taro\Documents\Philosophy and Literature Term Paper.docx
[2010/11/27 14:31:12 | 000,000,162 | -H-- | C] () -- C:\Users\Taro\Desktop\~$n we say that we can learn from fiction.docx
[2010/11/23 21:10:42 | 000,024,064 | ---- | C] () -- C:\Users\Taro\Documents\Bio 191 EQ 8.doc
[2010/11/23 21:09:38 | 000,024,064 | ---- | C] () -- C:\Users\Taro\Documents\MatsunoT EQ 8.doc
[2010/11/23 08:49:35 | 000,013,985 | ---- | C] () -- C:\Users\Taro\Documents\OChem Lab Report 6 Nucleophilic Substitution Reactions.docx
[2010/11/22 20:57:23 | 003,913,898 | ---- | C] () -- C:\Users\Taro\Desktop\ComboFix.exe
[2010/11/21 23:24:18 | 002,918,923 | ---- | C] () -- C:\Users\Taro\Desktop\Recording Test and practice.mp3
[2010/11/21 23:21:05 | 000,326,317 | ---- | C] () -- C:\Users\Taro\Desktop\Recording Test and practice.wav.asd
[2010/11/21 23:09:43 | 028,246,096 | ---- | C] () -- C:\Users\Taro\Desktop\Recording Test and practice.wav
[2010/11/18 16:33:37 | 000,059,904 | ---- | C] () -- C:\Users\Taro\Desktop\Second cohort biomass 11-18-10.xls
[2010/11/18 13:23:47 | 000,047,104 | ---- | C] () -- C:\Users\Taro\Desktop\Second cohort biomass(excel).xls
[2010/11/18 12:25:49 | 000,025,088 | ---- | C] () -- C:\Users\Taro\Documents\Bio 191 Week 8 Prelab Quiz.doc
[2010/11/17 15:05:16 | 000,017,371 | ---- | C] () -- C:\Users\Taro\Documents\Bio 191 Lab Report 3.docx
[2010/11/17 00:08:20 | 000,023,040 | ---- | C] () -- C:\Users\Taro\Documents\Bio 191 EQ 7.doc
[2010/11/16 19:20:14 | 000,344,001 | ---- | C] () -- C:\Users\Taro\Desktop\chem220_2010_PS4_VK.pdf
[2010/11/16 03:16:14 | 000,040,839 | ---- | C] () -- C:\Users\Taro\Documents\OChem Lab Report 5 Resolution of + Phenylsuccinic Acid.docx
[2010/11/16 02:10:43 | 000,015,772 | ---- | C] () -- C:\Users\Taro\Desktop\Can we say that we can learn from fiction.docx
[2010/11/10 22:14:43 | 000,045,756 | ---- | C] () -- C:\Users\Taro\Desktop\F10 MitoLabQuiz.pdf
[2010/11/10 22:14:37 | 004,977,607 | ---- | C] () -- C:\Users\Taro\Desktop\F10MitoHandout.pdf
[2010/11/10 13:55:41 | 000,018,279 | ---- | C] () -- C:\Users\Taro\Desktop\Second cohort biomass.xlsx
[2010/11/09 20:21:22 | 000,011,980 | ---- | C] () -- C:\Users\Taro\Desktop\Week 6 Question.docx
[2010/11/09 02:19:28 | 000,000,162 | -H-- | C] () -- C:\Users\Taro\Documents\~$hem Lab Report 4 Steam Distillation of R-Limonene.docx
[2010/11/09 02:19:21 | 000,040,856 | ---- | C] () -- C:\Users\Taro\Documents\OChem Lab Report 4 Steam Distillation of R-Limonene.docx
[2010/11/08 22:08:24 | 000,137,048 | ---- | C] () -- C:\Users\Taro\Desktop\1053468159X.pdf
[2010/11/07 16:43:49 | 000,192,826 | ---- | C] () -- C:\Users\Taro\Desktop\chem220_2010_PS3_final.pdf
[2010/10/07 21:12:21 | 000,760,026 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/26 01:37:44 | 000,002,774 | ---- | C] () -- C:\Users\Taro\AppData\Local\Rhusino.dat
[2010/07/20 00:55:27 | 000,000,132 | ---- | C] () -- C:\Users\Taro\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/19 15:36:38 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2010/04/20 17:12:08 | 000,004,608 | ---- | C] () -- C:\Users\Taro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 15:26:55 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/11/18 15:26:54 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/11/18 15:26:53 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/18 15:26:53 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/11/18 15:26:52 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/11/05 19:14:56 | 000,002,187 | ---- | C] () -- C:\Users\Taro\AppData\Local\Win7_tmp1.htm
[2009/08/21 23:00:54 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/02/07 09:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll

========== LOP Check ==========

[2010/11/13 00:53:59 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\.minecraft
[2009/11/05 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Ableton
[2010/10/12 00:58:47 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Advanced Chemistry Development
[2009/11/05 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Amazon
[2010/07/24 20:46:30 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Antares
[2009/11/05 18:25:51 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Convivea
[2009/11/05 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\DAEMON Tools Lite
[2009/11/05 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Deusty
[2009/11/05 18:25:57 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\DMCache
[2009/11/16 18:56:34 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Foxit
[2009/11/27 12:13:15 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Foxit Software
[2010/07/20 00:14:44 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\gtk-2.0
[2009/11/05 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\IDM
[2009/11/11 15:26:18 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\ImgBurn
[2010/09/15 21:32:59 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\LolClient
[2010/10/16 22:10:39 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\MinecraftTools
[2010/04/06 15:04:32 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\RenPy
[2009/11/05 18:26:21 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Songbird2
[2009/11/05 18:26:24 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\SystemRequirementsLab
[2009/11/28 18:49:39 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\The Creative Assembly
[2010/09/14 18:35:52 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\Thunderbird
[2010/12/05 13:37:29 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\uTorrent
[2010/07/12 02:37:55 | 000,000,000 | ---D | M] -- C:\Users\Taro\AppData\Roaming\VBA-M
[2010/03/30 09:15:29 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#4 Taro Matsuno

Posted 05 December 2010 - 02:45 PM

I checked recently; it doesn't seem that I'm getting redirected anymore, though it could just be that the problem is intermittent. I had no problems with the scans.

#5 gringo_pr

  • Malware Response Team

Posted 05 December 2010 - 03:58 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Taro Matsuno

Posted 05 December 2010 - 06:21 PM

ComboFix 10-12-04.02 - Taro 12/05/2010 17:05:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2927 [GMT -6:00]
Running from: c:\users\Taro\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\GuitarRig.exe
C:\Install.exe
c:\users\Taro\AppData\Local\{B49BB467-DA4D-403C-A136-B894905D52DB}
c:\users\Taro\AppData\Local\{B49BB467-DA4D-403C-A136-B894905D52DB}\chrome.manifest
c:\users\Taro\AppData\Local\{B49BB467-DA4D-403C-A136-B894905D52DB}\chrome\content\_cfg.js
c:\users\Taro\AppData\Local\{B49BB467-DA4D-403C-A136-B894905D52DB}\chrome\content\overlay.xul
c:\users\Taro\AppData\Local\{B49BB467-DA4D-403C-A136-B894905D52DB}\install.rdf
c:\users\Taro\GoToAssistDownloadHelper.exe
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 23:15 . 2010-12-05 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-05 22:49 . 2010-12-05 22:49 -------- d-----w- c:\users\Taro\AppData\Roaming\AVG9
2010-12-02 17:27 . 2010-12-02 17:27 -------- d-----w- c:\programdata\McAfee Security Scan
2010-12-02 17:27 . 2010-12-02 17:27 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2010-12-01 22:42 . 2010-12-01 22:48 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2010-12-01 22:42 . 2010-12-01 22:42 -------- d-----w- c:\windows\SysWow64\MustBeRandomlyNamed
2010-12-01 22:35 . 2010-10-27 06:09 553696 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2010-12-01 22:35 . 2010-10-27 06:10 66520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npnul32.dll
2010-12-01 22:35 . 2010-10-27 06:10 140248 ----a-w- c:\program files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2010-12-01 22:35 . 2010-10-27 06:10 25048 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2010-11-30 23:18 . 2010-11-30 23:18 -------- d-----w- c:\users\Taro\AppData\Local\Unity
2010-11-24 16:46 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 16:46 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-10 18:49 . 2010-11-10 18:49 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 18:49 . 2010-11-10 18:49 135568 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 05:35 . 2010-10-27 04:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35 . 2010-10-27 04:04 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36 . 2010-10-13 15:42 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:34 . 2010-10-13 15:42 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 04:30 . 2010-10-13 15:42 978432 ----a-w- c:\windows\SysWow64\wininet.dll
2010-09-08 04:28 . 2010-10-13 15:42 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-09-08 04:16 . 2010-10-13 15:42 482816 ----a-w- c:\windows\system32\html.iec
2010-09-08 03:35 . 2010-10-13 15:42 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-08 03:22 . 2010-10-13 15:42 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-09-08 02:48 . 2010-10-13 15:42 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-04-01 319792]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\users\Taro\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-21 135664]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 2273792]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-15 2969496]
"Songkicker"="c:\program files (x86)\Songkick\Songkicker\Songkicker.exe" [2009-12-15 1079296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2009-11-25 2429]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\users\Taro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-11-17 1066536]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-12 1038088]
R3 MADFUFTU;Service for M-Audio FastTrackUltra DFU;c:\windows\system32\DRIVERS\MAudioFastTrackUltra_DFU.sys [2009-09-25 45832]
R3 MAUSBFASTTRACKULTRA;Service for M-Audio Fast Track Ultra;c:\windows\system32\DRIVERS\MAudioFastTrackUltra.sys [2009-09-25 195592]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Normandy;Normandy SR2; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-27 834544]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 203264]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-12-23 36392]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [2009-02-09 158592]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [2009-02-09 310784]


--- Other Services/Drivers In Memory ---

*Deregistered* - AvgTdiA
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195431066-852443905-1874087855-1000Core.job
- c:\users\Taro\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-21 06:02]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195431066-852443905-1874087855-1000UA.job
- c:\users\Taro\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-21 06:02]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-08-07 3179088]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-09-25 798216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.songkick.com/calendar?utm_campaign=upcoming%2Fdaily_digest&utm_medium=email&utm_source=skemail
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\program files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Taro\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Taro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - c:\users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - c:\users\Taro\AppData\Roaming\Mozilla\Firefox\Profiles\yabnyxtk.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKLM-Run-Drivers - Drivers.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3195431066-852443905-1874087855-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ef,51,20,66,d6,eb,fc,61,92,ac,25,15,38,7d,a1,bc,cb,f1,42,ea,40,
0c,27,14,f4,28,e1,3b,c8,7c,5f,73,8d,e8,c7,18,18,f8,58,a3,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3195431066-852443905-1874087855-1000_Classes\Wow6432Node\CLSID\{9bb13810-76f8-443d-b959-88ab64e25ea2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,26,39,2f,57,55,1f,a2,5d,e8,d0,b1,53,27,15,5d,e4,47,a8,e5,bc,c4,df,\
"Model"=dword:0000011b
"Therad"=dword:0000001f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-05 17:18:34
ComboFix-quarantined-files.txt 2010-12-05 23:18

Pre-Run: 23,332,581,376 bytes free
Post-Run: 22,923,657,216 bytes free

- - End Of File - - 2AA897B96505F129792C011A591B1C37

No change since last time

#7 gringo_pr

  • Malware Response Team

Posted 05 December 2010 - 07:02 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

1. Click on Start.
2. Then go to Settings.
3. After that you need Control Panel.
4. Look for the icon Add/Remove Programs.
Click on the following programs:

Adobe Reader 9

and click on Remove.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#8 gringo_pr

  • Malware Response Team

Posted 08 December 2010 - 02:21 AM

Hello

Three day bump

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#9 gringo_pr

  • Malware Response Team

Posted 10 December 2010 - 11:18 PM
Posted 10 December 2010 - 11:18 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo



