
Browser hijack - HijackThis log included


  • This topic is locked
30 replies to this topic

#1 EricErik

EricErik

  • Members
  • 68 posts

Posted 07 October 2011 - 02:09 PM

I'm pretty certain I've suffered a browser hijack, as every time I start up any browser, the default search engine is set to Bing or Yahoo. Included is a HijackThis log I ran.

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Administrator\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [F.lux] "C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\Printer\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spybot-S&D 2 Hooks Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11661 bytes
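A triage script for the two log formats in this thread, added here as an example; it is not part of the original post, nor code from HijackThis or DDS. It reads HijackThis lines and DDS "Pseudo HJT" lines (the embedded sample is copied from the HijackThis log above and from the DDS log posted later in the thread) and flags the entries a helper would look at first: a Winlogon Shell or Userinit value that is not the Windows default, UAC policy values of 0, hosts-file overrides, Image File Execution Options debugger redirects, Firefox search prefs, hidden+system entries in the "Created Last 30" list, orphaned CLSIDs, and components that register search hooks, toolbars or search-setting updaters. The DDS prefix convention it relies on (u = HKCU, m = HKLM) is DDS's own; the severity tiers and the list of search-toolbar component names are this example's assumptions, not a verdict from the thread.

```python
# Added example: triage of HijackThis / DDS "Pseudo HJT" log lines.
# Sample lines are copied from the logs in this thread; rules, severities and
# the component list below are this example's own assumptions.
import re
from dataclasses import dataclass

# Components that register search hooks, toolbars or search-setting updaters
# in the posted logs. Assumed candidates for the changed default search engine.
SEARCH_COMPONENTS = ("IObit Toolbar", "StartNow Toolbar", "Spigot", "Application Updater")
EXPECTED_SHELL = "explorer.exe"      # Windows default Winlogon Shell
EXPECTED_USERINIT = "userinit.exe"   # Windows default Winlogon Userinit


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    line: str
    reason: str


def _basename(path):
    """Lower-cased file name of a registry path value, ignoring a trailing comma."""
    return path.strip().rstrip(",").strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_line(line):
    """Return a Finding for one log line, or None if it needs no attention."""
    line = line.strip()
    if not line:
        return None
    # Winlogon Shell / Userinit. HJT: 'F2 - REG:system.ini: UserInit=...';
    # DDS: 'uWinlogon: Shell=...' (u = HKCU) or 'mWinlogon: ...' (m = HKLM).
    m = re.search(r"(?:Winlogon|system\.ini):\s*(Shell|UserInit)=(.*)$", line, re.I)
    if m:
        key, value = m.group(1).lower(), m.group(2).strip()
        expected = EXPECTED_SHELL if key == "shell" else EXPECTED_USERINIT
        if _basename(value) != expected:
            where = "per-user (HKCU) " if line.lower().startswith("uwinlogon") else ""
            return Finding("high", line, f"{where}Winlogon {key} is {value!r}, expected {expected}")
        return None
    # UAC policy values DDS reports from HKLM ...\Policies\System.
    m = re.match(r"mPolicies-system:\s*(\w+)\s*=\s*(\d+)", line)
    if m:
        name, val = m.group(1), int(m.group(2))
        if name == "EnableLUA" and val == 0:
            return Finding("high", line, "UAC is disabled (EnableLUA=0)")
        if name == "ConsentPromptBehaviorAdmin" and val == 0:
            return Finding("medium", line, "administrators elevate without any prompt")
        return None
    m = re.match(r"Hosts:\s*(\S+)\s+(\S+)", line)
    if m:
        return Finding("medium", line, f"hosts file resolves {m.group(2)} to {m.group(1)}")
    m = re.match(r"IFEO(?:-X64)?:\s*(\S+)\s*-\s*(.*)$", line)
    if m:
        return Finding("info", line, f"IFEO debugger redirects {m.group(1)} to {m.group(2)}")
    m = re.match(r"FF - prefs\.js:\s*(keyword\.URL|browser\.search\.\S+)\s*-\s*(.*)$", line)
    if m:
        return Finding("medium", line, f"Firefox search pref {m.group(1)} = {m.group(2)}")
    # DDS 'Created Last 30': timestamp, size, attribute string, path.
    m = re.match(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(\S+)\s+(.*)$", line)
    if m and "s" in m.group(1) and "h" in m.group(1):
        return Finding("medium", line, f"hidden+system entry created: {m.group(2)}")
    if re.search(r"\(no file\)|No File", line, re.I):
        return Finding("info", line, "CLSID registered but its file is missing (orphan)")
    for name in SEARCH_COMPONENTS:
        if name.lower() in line.lower():
            return Finding("medium", line, f"search toolbar / search-setting component: {name}")
    return None


def triage(text):
    """Triage every line of a log; findings keep the log's order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


def summarize(findings):
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=C:\Users\Administrator\AppData\Local\1cf6efbe\X
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
IFEO: dfrgui.exe - "C:\PROGRAM FILES\RAXCO\PERFECTDISK10\PERFECTDISK.EXE"
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
2011-10-07 20:44:47 -------- d-sh--w- C:\Users\Administrator\AppData\Local\1cf6efbe
"""

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the two high-severity findings are the per-user Winlogon Shell pointing at a file named `X` in a freshly created hidden+system directory under AppData\Local, and UAC being switched off; the search-toolbar components, the affiliate-tagged Yahoo `keyword.URL` and the hosts-file override come out as medium. A legitimate-looking IFEO entry (a defragmenter replacing dfrgui.exe) is reported as info only, so the reader still decides whether it belongs.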


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,946 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 08 October 2011 - 11:48 AM

You are receiving assistance here: http://www.bleepingcomputer.com/forums/topic422412.html

If it is determined that you will need specialized malware removal assistance to resolve the problems with your computer, you will receive specific instructions for posting in the log forum at that time.

This topic is now closed to avoid potential confusion.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • Gender:Female
  • Location:Romania

Posted 09 October 2011 - 02:08 AM

This topic has been re-opened at the request of the person who originally posted.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • Gender:Female
  • Location:Romania

Posted 09 October 2011 - 02:10 AM

Hello EricErik,

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


#5 EricErik

EricErik
  • Topic Starter

  • Members
  • 68 posts

Posted 09 October 2011 - 02:12 PM

The scan wouldn't run despite disabling my antivirus. I get an error message saying "this application must be terminated at ..." (etc., etc.).

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • Gender:Female
  • Location:Romania

Posted 09 October 2011 - 02:22 PM

Can you please try to run it from Safe Mode?

regards, Elise


#7 EricErik

EricErik
  • Topic Starter

  • Members
  • 68 posts

Posted 09 October 2011 - 02:28 PM

How do I do that?

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • Gender:Female
  • Location:Romania

Posted 09 October 2011 - 02:33 PM

Restart your computer and tap the F8 key until the Advanced Boot Options menu comes up. Use your cursor to select Safe Mode with Networking and press Enter. That should do it.

regards, Elise


#9 EricErik

EricErik
  • Topic Starter

  • Members
  • 68 posts

Posted 09 October 2011 - 03:11 PM

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Administrator at 12:48:20 on 2011-10-09
Microsoft Windows 7 Professional N 6.1.7600.0.1252.1.1033.18.3003.2174 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=C:\Users\Administrator\AppData\Local\1cf6efbe\X
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files\Orbitdownloader\orbitcth.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
uRun: [F.lux] "C:\Users\Administrator\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7C5762C2-59BF-4C34-9FDB-4101FA408DBF} : DhcpNameServer = 10.200.200.2 10.200.200.8
TCP: Interfaces\{C24D560C-ABD7-4268-B9BC-8972FC549433} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C24D560C-ABD7-4268-B9BC-8972FC549433}\071637164656E61602C6966756 : DhcpNameServer = 192.168.99.1
TCP: Interfaces\{C24D560C-ABD7-4268-B9BC-8972FC549433}\1395445553 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{C24D560C-ABD7-4268-B9BC-8972FC549433}\142727966796E6760235F6D65677865627560224574702E4F6470284562756 : DhcpNameServer = 192.168.0.1 68.94.156.1
TCP: Interfaces\{C24D560C-ABD7-4268-B9BC-8972FC549433}\2375942554134353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C24D560C-ABD7-4268-B9BC-8972FC549433}\27963796E676377756C6C6 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{C24D560C-ABD7-4268-B9BC-8972FC549433}\3574553544D23545554454E44535 : DhcpNameServer = 10.200.200.2 10.200.200.8
TCP: Interfaces\{C24D560C-ABD7-4268-B9BC-8972FC549433}\84F6E65697022416467656270234166656 : DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Notify: SDWinLogon - SDWinLogon.dll
IFEO: dfrgui.exe - "C:\PROGRAM FILES\RAXCO\PERFECTDISK10\PERFECTDISK.EXE"
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
IFEO-X64: dfrgui.exe - "C:\PROGRAM FILES\RAXCO\PERFECTDISK10\PERFECTDISK.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tjeo6wmi.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-7-31 48888]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-9-27 745880]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-24 136176]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\Printer\Center\EKDiscovery.exe [2008-10-10 274432]
S2 KodakSvc;Kodak AiO Device Service;C:\Program Files (x86)\Kodak\Printer\Center\KodakSvc.exe [2008-10-30 28672]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2011-5-3 1153368]
S2 SDHookService;Spybot-S&D 2 Hooks Service;C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-7-31 130976]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-7-31 1082800]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-5-16 1149864]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-5-16 169624]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-24 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-10-08 21:35:17 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-10-08 05:14:40 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-08 04:11:06 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2011-10-08 04:11:04 -------- d-----w- C:\Program Files\VS Revo Group
2011-10-08 02:50:05 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-07 20:49:14 388096 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-07 20:49:14 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-10-07 20:44:47 -------- d-sh--w- C:\Users\Administrator\AppData\Local\1cf6efbe
2011-10-07 20:35:05 -------- d-----w- C:\ProgramData\iolo
2011-10-07 04:53:50 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2011-10-07 04:53:41 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-07 04:53:36 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-07 04:53:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-05 21:16:34 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2011-10-05 21:16:34 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-10-04 19:21:54 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-10-04 19:19:53 -------- d-----w- C:\Program Files (x86)\JDownloader
2011-10-02 06:35:51 -------- d-----w- C:\Program Files\iPod
2011-10-02 06:35:50 -------- d-----w- C:\Program Files\iTunes
2011-10-02 06:35:50 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-02 06:32:29 -------- d-----w- C:\Program Files\Bonjour
2011-10-02 06:32:29 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-02 06:30:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-10-02 06:30:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-10-02 06:30:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-10-02 06:30:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2011-10-02 06:30:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-10-02 06:30:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-10-02 06:30:04 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-09-28 20:27:35 -------- d-----w- C:\ProgramData\kds_kodak
2011-09-28 20:27:27 -------- d-----w- C:\Users\Administrator\AppData\Local\Eastman_Kodak_Company
2011-09-28 20:27:02 -------- d-----w- C:\Users\Administrator\AppData\Roaming\KodakCredentialStore
2011-09-28 18:59:49 -------- d-----w- C:\Users\Administrator\AppData\Local\KodakGallery
2011-09-28 18:59:28 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Skinux
2011-09-28 18:52:31 226816 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-09-28 18:52:24 -------- d-----w- C:\Windows\System32\kodak
2011-09-28 18:48:20 -------- d-----w- C:\ProgramData\Eastman Kodak Company
2011-09-28 18:48:17 -------- d-----w- C:\Users\Administrator\AppData\Local\Kodak
2011-09-28 18:48:16 -------- d-----w- C:\Users\Administrator\AppData\Local\Eastman Kodak Company
2011-09-28 18:47:21 16384 ----a-w- C:\Windows\System32\EKDeviceServices.dll
2011-09-28 18:47:21 12800 ----a-w- C:\Windows\SysWow64\EKDeviceServices.dll
2011-09-28 18:46:31 -------- d-----w- C:\Users\Administrator\AppData\Local\Programs
2011-09-28 18:46:05 -------- d-----w- C:\Users\Administrator\AppData\Local\ArcSoft
2011-09-28 18:45:50 -------- d-----w- C:\ProgramData\ArcSoft
2011-09-28 18:44:33 65536 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut5_843081BD351F46FC8A17517A0D9117A3.exe
2011-09-28 18:44:33 65536 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut3_843081BD351F46FC8A17517A0D9117A3.exe
2011-09-28 18:44:33 65536 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut2_843081BD351F46FC8A17517A0D9117A3.exe
2011-09-28 18:44:33 65536 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut1_843081BD351F46FC8A17517A0D9117A3.exe
2011-09-28 18:43:57 -------- d-----w- C:\Windows\SysWow64\kodak
2011-09-28 18:42:16 -------- d-----w- C:\Program Files (x86)\Common Files\Kodak
2011-09-28 18:41:45 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2011-09-28 18:41:43 -------- d-----w- C:\Program Files (x86)\Kodak
2011-09-28 18:33:32 -------- d-----w- C:\ProgramData\Kodak
2011-09-27 05:36:43 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-09-27 05:36:42 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-09-12 21:28:44 -------- d-----w- C:\Users\Administrator\AppData\Roaming\HpUpdate
2011-09-12 21:28:14 750440 ------w- C:\Windows\System32\HPDiscoPM9311.dll
2011-09-12 21:28:02 -------- d-----w- C:\Program Files (x86)\HP
2011-09-12 21:28:01 -------- d-----w- C:\Program Files\HP
2011-09-12 21:17:23 -------- d-----w- C:\Users\Administrator\AppData\Local\HP
2011-09-11 05:56:40 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-09-11 05:56:40 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-09-11 05:56:39 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-09-11 05:56:39 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
.
==================== Find3M ====================
.
2011-09-02 09:36:53 6144 ----a-w- C:\Windows\System32\HdmiCoin.dll
2011-09-02 09:36:53 145408 ----a-w- C:\Windows\System32\drivers\IntcHdmi.sys
2011-09-02 08:58:36 292400 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2011-09-02 08:58:36 263464 ----a-w- C:\Windows\System32\SynCtrl.dll
2011-09-02 08:58:36 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2011-09-02 08:58:36 205608 ----a-w- C:\Windows\System32\SynTPAPI.dll
2011-09-02 08:58:36 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2011-09-02 08:58:36 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2011-09-02 08:58:35 396072 ----a-w- C:\Windows\System32\SynCOM.dll
2011-09-02 08:58:35 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2011-09-02 06:55:38 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2011-08-20 23:38:25 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2011-08-01 19:41:54 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-07-28 01:37:20 403616 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-12 18:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 18:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 18:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 18:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 18:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2010-11-26 20:58:20 2861056 ----a-w- C:\Program Files (x86)\Ventrilo.exe
.
============= FINISH: 12:49:23.71 ===============
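
The "Created Last 30" block above is the part of a DDS log a reviewer reads first: a hidden, system-attributed directory with a hex name under the user's profile (`1cf6efbe`) and two toolbar directories created in the days before the search-engine hijack was noticed. The following Python is an added example for this thread, not code from DDS, ComboFix or BleepingComputer. It parses that block's line format and reports entries worth a second look. The attribute letters are interpreted only as they appear in the log (d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable); the flagging rules in `triage()` and the sample input (six lines copied from the log above) are this example's own assumptions.

```python
r"""Triage pass over the "Created Last 30" section of a DDS log.

Added example for this thread; it is not code from DDS, ComboFix or
BleepingComputer. It parses the line format used in the log above, e.g.

    2011-10-07 20:44:47 -------- d-sh--w- C:\Users\Administrator\AppData\Local\1cf6efbe
    2011-10-07 04:53:36 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

Only attribute letters that occur in the log are interpreted (d=directory,
s=system, h=hidden, a=archive, r=read-only, w=writable). The review
heuristics in triage() are this example's own assumptions, not DDS rules.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# timestamp, size (digits) or "--------" for directories, 8-char attribute column, path
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)
# names like "1cf6efbe": eight or more hex digits and nothing else
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$")

# Constructed sample input: six lines copied from the "Created Last 30" section above.
SAMPLE = r"""
2011-10-08 21:35:17 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-10-07 20:44:47 -------- d-sh--w- C:\Users\Administrator\AppData\Local\1cf6efbe
2011-10-07 04:53:36 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-05 21:16:34 -------- d-----w- C:\Program Files (x86)\IObit Toolbar
2011-10-04 19:21:54 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-09-28 18:52:31 226816 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
"""


@dataclass
class Entry:
    created: datetime
    size: Optional[int]        # None for directories (size column is "--------")
    flags: frozenset           # attribute letters present, e.g. {"d", "s", "h", "w"}
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.flags

    @property
    def hidden(self) -> bool:
        return "h" in self.flags

    @property
    def system(self) -> bool:
        return "s" in self.flags

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(
        created=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        size=size,
        flags=frozenset(m["attrs"]) - {"-"},
        path=m["path"],
    )


def parse_section(text: str) -> List[Entry]:
    """Parse every recognisable line of a 'Created Last 30' block."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map path -> reasons a reviewer should look at it (heuristics, not verdicts)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        in_profile = "\\appdata\\" in e.path.lower()
        if e.is_dir and in_profile and (e.hidden or e.system):
            reasons.append("hidden/system directory created under a user profile")
        if HEX_NAME_RE.match(e.name.lower()):
            reasons.append("random-looking hex name")
        if "toolbar" in e.name.lower():
            reasons.append("browser toolbar, a common search-hijack vector")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_section(SAMPLE)).items():
        print(path)
        for r in reasons:
            print("    -", r)
```

On the sample, `1cf6efbe` is reported for two reasons and both toolbar directories for one; Pidgin, the Malwarebytes driver and the Kodak print processor pass. These are prompts for a closer look, not verdicts: legitimate installers also create hidden directories, which is why the helper in this thread follows the log review with a removal tool run rather than deleting on sight.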

#10 Elise

  • Malware Study Hall Admin
  • 61,091 posts
  • Location:Romania

Posted 09 October 2011 - 03:30 PM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#11 EricErik (Topic Starter)

  • Members
  • 68 posts

Posted 09 October 2011 - 04:12 PM

I had to run it in safe mode since I got another weird application error, which popped up again when it restarted, if that has any bearing.



ComboFix 11-10-09.01 - Administrator 10/09/2011 13:56:14.1.2 - x64 NETWORK
Microsoft Windows 7 Professional N 6.1.7600.0.1252.1.1033.18.3003.1912 [GMT -7:00]
Running from: c:\downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\windows\assembly\tmp\U
c:\windows\Install
c:\windows\Install\SV5.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 21:01 . 2011-10-09 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-08 21:35 . 2011-10-08 21:35 -------- d-----w- c:\program files (x86)\Pidgin
2011-10-08 05:14 . 2011-10-08 19:30 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-08 04:11 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-10-08 04:11 . 2011-10-08 04:11 -------- d-----w- c:\program files\VS Revo Group
2011-10-08 02:50 . 2011-10-08 03:42 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-07 20:49 . 2011-10-07 20:49 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-07 20:49 . 2011-10-07 20:49 -------- d-----w- c:\program files (x86)\Trend Micro
2011-10-07 20:44 . 2011-10-07 20:44 -------- d-sh--w- c:\users\Administrator\AppData\Local\1cf6efbe
2011-10-07 20:35 . 2011-10-08 21:31 -------- d-----w- c:\programdata\iolo
2011-10-07 04:53 . 2011-10-07 04:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2011-10-07 04:53 . 2011-10-07 04:53 -------- d-----w- c:\programdata\Malwarebytes
2011-10-07 04:53 . 2011-10-07 04:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-07 04:53 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-05 21:16 . 2011-10-05 21:16 -------- d-----w- c:\program files (x86)\Application Updater
2011-10-05 21:16 . 2011-10-05 21:16 -------- d-----w- c:\program files (x86)\IObit Toolbar
2011-10-05 04:38 . 2011-10-05 04:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\dvdcss
2011-10-04 19:19 . 2011-10-07 18:28 -------- d-----w- c:\program files (x86)\JDownloader
2011-10-02 06:35 . 2011-10-02 06:35 -------- d-----w- c:\program files\iPod
2011-10-02 06:35 . 2011-10-02 06:36 -------- d-----w- c:\program files\iTunes
2011-10-02 06:35 . 2011-10-02 06:36 -------- d-----w- c:\program files (x86)\iTunes
2011-10-02 06:32 . 2011-10-02 06:32 -------- d-----w- c:\program files\Bonjour
2011-10-02 06:32 . 2011-10-02 06:32 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-02 06:30 . 2011-10-02 06:30 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-10-02 06:30 . 2011-10-02 06:30 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2011-10-02 06:30 . 2011-10-02 06:30 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2011-10-02 06:30 . 2011-10-02 06:30 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2011-10-02 06:30 . 2011-10-02 06:30 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2011-10-02 06:30 . 2011-10-02 06:30 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2011-10-02 06:30 . 2011-10-02 06:30 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2011-10-02 06:29 . 2011-10-02 06:30 -------- d-----w- c:\program files (x86)\QuickTime
2011-09-29 21:28 . 2011-09-29 21:28 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-09-28 20:27 . 2011-09-28 20:27 -------- d-----w- c:\programdata\kds_kodak
2011-09-28 20:27 . 2011-09-28 20:27 -------- d-----w- c:\users\Administrator\AppData\Local\Eastman_Kodak_Company
2011-09-28 20:27 . 2011-09-28 20:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\KodakCredentialStore
2011-09-28 18:59 . 2011-09-28 18:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skinux
2011-09-28 18:52 . 2008-10-22 14:54 226816 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-09-28 18:52 . 2011-09-28 18:52 -------- d-----w- c:\windows\system32\kodak
2011-09-28 18:48 . 2011-09-28 18:48 -------- d-----w- c:\programdata\Eastman Kodak Company
2011-09-28 18:48 . 2011-09-28 18:52 -------- d-----w- c:\users\Administrator\AppData\Local\Kodak
2011-09-28 18:48 . 2011-09-28 18:48 -------- d-----w- c:\users\Administrator\AppData\Local\Eastman Kodak Company
2011-09-28 18:47 . 2008-10-30 17:58 12800 ----a-w- c:\windows\SysWow64\EKDeviceServices.dll
2011-09-28 18:47 . 2008-08-28 01:27 16384 ----a-w- c:\windows\system32\EKDeviceServices.dll
2011-09-28 18:46 . 2011-09-28 18:46 -------- d-----w- c:\users\Administrator\AppData\Local\Programs
2011-09-28 18:46 . 2011-09-28 18:46 -------- d-----w- c:\users\Administrator\AppData\Local\ArcSoft
2011-09-28 18:46 . 2011-09-28 18:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\Arcsoft
2011-09-28 18:45 . 2011-09-29 21:21 -------- d-----w- c:\programdata\ArcSoft
2011-09-28 18:45 . 2011-09-28 18:45 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2011-09-28 18:45 . 2011-09-28 18:45 -------- d-----w- c:\program files (x86)\ArcSoft
2011-09-28 18:44 . 2011-09-28 18:44 65536 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut5_843081BD351F46FC8A17517A0D9117A3.exe
2011-09-28 18:44 . 2011-09-28 18:44 65536 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut3_843081BD351F46FC8A17517A0D9117A3.exe
2011-09-28 18:44 . 2011-09-28 18:44 65536 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut2_843081BD351F46FC8A17517A0D9117A3.exe
2011-09-28 18:44 . 2011-09-28 18:44 65536 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{843081BD-351F-46FC-8A17-517A0D9117A3}\NewShortcut1_843081BD351F46FC8A17517A0D9117A3.exe
2011-09-28 18:43 . 2011-09-28 18:43 -------- d-----w- c:\windows\SysWow64\kodak
2011-09-28 18:42 . 2011-09-28 18:42 -------- d-----w- c:\program files (x86)\Common Files\Kodak
2011-09-28 18:41 . 2011-09-28 18:43 -------- d-----w- c:\program files (x86)\Kodak
2011-09-28 18:33 . 2011-09-28 18:59 -------- d-----w- c:\programdata\Kodak
2011-09-27 05:36 . 2011-09-27 05:36 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-09-27 05:36 . 2011-09-27 05:36 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-09-12 21:28 . 2011-09-15 07:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\HpUpdate
2011-09-12 21:28 . 2010-11-17 04:24 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll
2011-09-12 21:28 . 2011-09-12 21:58 -------- d-----w- c:\programdata\HP
2011-09-12 21:28 . 2011-09-12 21:28 -------- d-----w- c:\program files (x86)\HP
2011-09-12 21:28 . 2011-09-12 21:28 -------- d-----w- c:\program files\HP
2011-09-12 21:17 . 2011-09-12 22:33 -------- d-----w- c:\users\Administrator\AppData\Local\HP
2011-09-11 05:56 . 2001-09-05 11:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-09-11 05:56 . 2001-09-05 11:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-09-11 05:56 . 2001-09-05 11:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-09-11 05:56 . 2001-09-05 11:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-02 09:37 . 2011-09-02 09:37 982240 ----a-w- c:\windows\system32\igkrng500.bin
2011-09-02 09:37 . 2011-09-02 09:37 90112 ----a-w- c:\windows\system32\igfxCoIn_v2226.dll
2011-09-02 09:37 . 2011-09-02 09:37 87552 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87552 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87552 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87040 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-09-02 09:37 . 2011-09-02 09:37 61952 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-09-02 09:37 . 2011-09-02 09:37 509464 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-09-02 09:37 . 2011-09-02 09:37 208896 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2011-09-02 09:37 . 2011-09-02 09:37 205824 ----a-w- c:\windows\system32\iglhsip64.dll
2011-09-02 09:37 . 2011-09-02 09:37 187392 ----a-w- c:\windows\system32\iglhcp64.dll
2011-09-02 09:37 . 2011-09-02 09:37 162328 ----a-w- c:\windows\system32\igfxtray.exe
2011-09-02 09:37 . 2011-09-02 09:37 143360 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2011-09-02 09:37 . 2011-09-02 09:37 88064 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-09-02 09:37 . 2011-09-02 09:37 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2011-09-02 09:37 . 2011-09-02 09:37 88576 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-09-02 09:37 . 2011-09-02 09:37 88576 ----a-w- c:\windows\system32\igfxresn.lrc
2011-09-02 09:37 . 2011-09-02 09:37 88576 ----a-w- c:\windows\system32\igfxrell.lrc
2011-09-02 09:37 . 2011-09-02 09:37 88064 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-09-02 09:37 . 2011-09-02 09:37 88064 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-09-02 09:37 . 2011-09-02 09:37 88064 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-09-02 09:37 . 2011-09-02 09:37 88064 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-09-02 09:37 . 2011-09-02 09:37 88064 ----a-w- c:\windows\system32\igfxrita.lrc
2011-09-02 09:37 . 2011-09-02 09:37 88064 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87552 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87552 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87552 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87552 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87552 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87552 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-09-02 09:37 . 2011-09-02 09:37 87040 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-09-02 09:37 . 2011-09-02 09:37 86528 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-09-02 09:37 . 2011-09-02 09:37 86528 ----a-w- c:\windows\system32\igfxrara.lrc
2011-09-02 09:37 . 2011-09-02 09:37 84992 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-09-02 09:37 . 2011-09-02 09:37 84992 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-09-02 09:37 . 2011-09-02 09:37 83968 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-09-02 09:37 . 2011-09-02 09:37 83968 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-09-02 09:37 . 2011-09-02 09:37 830464 ----a-w- c:\windows\system32\igfxress.dll
2011-09-02 09:37 . 2011-09-02 09:37 6548480 ----a-w- c:\windows\system32\igdumd64.dll
2011-09-02 09:37 . 2011-09-02 09:37 415256 ----a-w- c:\windows\system32\igfxpers.exe
2011-09-02 09:37 . 2011-09-02 09:37 380416 ----a-w- c:\windows\system32\igfxTMM.dll
2011-09-02 09:37 . 2011-09-02 09:37 27648 ----a-w- c:\windows\system32\igfxexps.dll
2011-09-02 09:37 . 2011-09-02 09:37 271360 ----a-w- c:\windows\system32\igfxdev.dll
2011-09-02 09:37 . 2011-09-02 09:37 244224 ----a-w- c:\windows\system32\igfxpph.dll
2011-09-02 09:37 . 2011-09-02 09:37 23552 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2011-09-02 09:37 . 2011-09-02 09:37 228864 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2011-09-02 09:37 . 2011-09-02 09:37 223768 ----a-w- c:\windows\system32\igfxext.exe
2011-09-02 09:37 . 2011-09-02 09:37 142336 ----a-w- c:\windows\system32\igfxdo.dll
2011-09-02 09:37 . 2011-09-02 09:37 122368 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-09-02 09:37 . 2011-09-02 09:37 10619296 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2011-09-02 09:37 . 2009-07-28 22:26 571904 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2011-09-02 09:37 . 2009-07-13 21:59 4966400 ----a-w- c:\windows\SysWow64\igdumd32.dll
2011-09-02 09:37 . 2011-09-02 09:37 4410880 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2011-09-02 09:37 . 2011-09-02 09:37 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2011-09-02 09:37 . 2011-09-02 09:37 15032320 ----a-w- c:\windows\system32\ig4icd64.dll
2011-09-02 09:37 . 2009-07-13 21:59 4720640 ----a-w- c:\windows\system32\igd10umd64.dll
2011-09-02 09:37 . 2011-09-02 09:37 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-09-02 09:37 . 2011-09-02 09:37 386584 ----a-w- c:\windows\system32\hkcmd.exe
2011-09-02 09:37 . 2011-09-02 09:37 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2011-09-02 09:37 . 2011-09-02 09:37 152600 ----a-w- c:\windows\system32\difx64.exe
2011-09-02 09:37 . 2011-09-02 09:37 119808 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-09-02 09:37 . 2011-09-02 09:37 11039232 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2011-09-02 09:37 . 2011-09-02 09:37 108032 ----a-w- c:\windows\system32\hccutils.dll
2011-09-02 09:36 . 2011-09-02 09:36 6144 ----a-w- c:\windows\system32\HdmiCoin.dll
2011-09-02 09:36 . 2011-09-02 09:36 145408 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2011-09-02 08:58 . 2011-09-02 08:58 292400 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-09-02 08:58 . 2011-09-02 08:58 263464 ----a-w- c:\windows\system32\SynCtrl.dll
2011-09-02 08:58 . 2011-09-02 08:58 206120 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2011-09-02 08:58 . 2011-09-02 08:58 205608 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-09-02 08:58 . 2011-09-02 08:58 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-09-02 08:58 . 2011-09-02 08:58 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2011-09-02 08:58 . 2011-09-02 08:58 396072 ----a-w- c:\windows\system32\SynCOM.dll
2011-09-02 08:58 . 2011-09-02 08:58 169256 ----a-w- c:\windows\SysWow64\SynCOM.dll
2011-09-02 06:55 . 2009-07-13 23:56 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-08-20 23:38 . 2011-08-20 23:38 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2011-08-01 19:41 . 2011-04-28 02:23 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-28 01:37 . 2011-04-28 02:26 403616 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:34 . 2011-07-12 18:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:34 . 2011-07-12 18:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2010-11-26 20:58 . 2010-11-26 20:58 2861056 ----a-w- c:\program files (x86)\Ventrilo.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-10 . 4F8528111C0C99E47D9805C041EBF072 . 2888704 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[-] 2010-05-10 . 4F8528111C0C99E47D9805C041EBF072 . 2888704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2010-04-19 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2010-04-19 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2010-04-19 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
[-] 2010-04-22 . DA9EC5BD715C4940AF88BD87021A6F99 . 643584 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[-] 2009-07-14 . DA9EC5BD715C4940AF88BD87021A6F99 . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
Supplementary scan did not complete!
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,b6,e8,46,04,8c,ae,43,be,ff,54,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,b6,e8,46,04,8c,ae,43,be,ff,54,\
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3fr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.669"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.AAC"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.aif"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.aiff"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.amf"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.avr"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.caf"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.far"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.htk"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.itz"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M4A\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.M4A"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mat\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mat"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mdz"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIZ\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MIZ"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP2"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP4"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.mtm"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSA"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.nst"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.OGG"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.okt"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.paf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.paf"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ptm"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pvf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.pvf"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.rf64"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WordPad.exe"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3z\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.s3z"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sd2"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sds"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.sf"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.stz"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.ult"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.VLB"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.wve"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x3f\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xi"
.
[HKEY_USERS\S-1-5-21-3803806097-3326649865-1951663058-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.xmz"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Spybot - Search & Destroy 2\SDScan.exe
c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.21.69\GoogleCrashHandler.exe
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
c:\program files (x86)\AVG\AVG10\avgfws.exe
c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\users\Administrator\Local Settings\Apps\F.lux\flux.exe
c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\Orbitdownloader\orbitdm.exe
c:\program files (x86)\AVG\AVG10\avgtray.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\Spybot - Search & Destroy 2\SDTray.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\HP\HP Software Update\hpwuschd2.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-10-09 14:08:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-09 21:08
.
Pre-Run: 184,901,271,552 bytes free
Post-Run: 184,395,288,576 bytes free
.
- - End Of File - - 1DDAC8C0084BB0B68971D290A70D336E

#12 EricErik

EricErik
  • Topic Starter

  • Members
  • 68 posts

Posted 09 October 2011 - 04:23 PM

This may be premature, but it didn't seem to do anything. My browsers still have their search engines set to Yahoo by default and Bing attempts to set itself to it.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • Gender:Female
  • Location:Romania

Posted 10 October 2011 - 02:16 AM

Can you try to run it once more from Safe Mode?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 EricErik

EricErik
  • Topic Starter

  • Members
  • 68 posts

Posted 10 October 2011 - 07:18 PM

Done, and I've attached the new log.

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • Gender:Female
  • Location:Romania

Posted 11 October 2011 - 12:45 AM

Sorry, but I don't see it. :) Please try to paste the log into the reply box and only if that doesn't work, attach it.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




