
variant of Win32/Kryptic.RSL and AV Security 2012V121.EXE


  • This topic is locked
9 replies to this topic

#1 armygreen


Posted 11 November 2011 - 06:07 PM

The Kryptic.RSL was the first infection. It used to redirect me when I clicked google links, but it doesn't do that anymore. Here is the name of the file that ESET Smart Security 4 detected as the threat and cannot remove:
Operating memory >> C:\ProgramData\api-ms-win-core-fibers-l1-1-032.dll
I tried to delete the file while in safe mode, but it is there again when I reboot normally.

The second infection I noticed when I restarted my computer (which I don't do often). When it turned back on, the only visible thing on my screen was the desktop background. The taskbar was not present, nor were any of my icons. Ctrl+Alt+Del did not do anything. I waited for about 10 minutes, then held the power button to shut down my computer manually. When I turned the computer on again, it all happened a second time. The next time I turned the computer on, it was insanely slow to load Windows. My mouse pointer kept getting the symbol next to it showing that my computer was thinking (this went on for about an hour). I opened Windows Task Manager and checked my processes, and it had AV Security 2012V121.exe*32 listed probably 50 times or so, each one taking up a different amount of memory. I ran DeFogger and restarted my computer. It took probably 15 minutes at least for Windows to shut down, but there were no issues with Windows loading again. Now I'm looking at Windows Task Manager and do not see the AV Security program listed under processes at all.

I am using Windows 7 Home Premium 64-bit. I will paste the DDS log below and attach the Attach file. Also, I will attach my log files from ESET both as a .txt and a .xml just in case it can help. I have to zip them, though, because they are too large to be attached otherwise.

Thank you for your time and help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Owner at 14:02:50 on 2011-11-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4093.2414 [GMT -8:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Windows\TEMP\GuardGuard.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxdncoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.apeha.ru
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {0160CE27-16FC-470D-804F-FEABCD6886E6} - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
mRun: [AHNSD] "C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSD.exe"
mRun: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [FD0.exe] C:\Program Files (x86)\LP\6F60\FD0.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: army.mil\www.us
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{9615C4FC-F6C1-4D79-9CBE-11C10B7B5078} : DhcpNameServer = 68.87.69.150 68.87.85.102
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {0160CE27-16FC-470D-804F-FEABCD6886E6} - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AHNSD] "C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSD.exe"
mRun-x64: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [FD0.exe] C:\Program Files (x86)\LP\6F60\FD0.exe
IE-X64: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
IE-X64: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSDsv.exe [2010-4-2 174824]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-2-21 810120]
R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R2 Guard.Mail.ru;Guard.Mail.ru;C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2011-6-5 1472720]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-27 2214504]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SQ931;Zoom 2.0 Webcam;C:\Windows\system32\Drivers\Capt931a.sys --> C:\Windows\system32\Drivers\Capt931a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-27 136176]
S2 Spooler32;Print Spooler ; [x]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-27 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2011-11-11 03:15:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\c44aaQH66WK7
2011-11-11 03:15:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\FQQJJ6dEK8fR9hX
2011-11-11 03:15:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\tBBtzzPNycA1v
2011-11-11 03:15:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\ZTTTXqqjYCeIBzO
2011-11-11 03:15:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\QOOOBttxP0uS1bD
2011-11-11 03:15:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\Y0yycAA1ivDon4a
2011-11-11 03:15:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\FmmmH55sWJ7ELgT
2011-11-11 03:15:00 -------- d-----w- C:\Users\Owner\AppData\Roaming\weeekIIBrz
2011-11-11 03:13:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\OccSS2ibb3
2011-11-11 03:12:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\XTTZZqjYYe
2011-11-11 03:11:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\ZNNttxP0u
2011-11-11 03:10:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\wjUVelOBtP
2011-11-11 03:09:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\eYXwjUVelBz0c1
2011-11-11 03:08:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\PonG4amH6W7E9Tq
2011-11-11 03:07:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\unF4amH6sJfLgZj
2011-11-11 03:06:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\isQJ6dEK8R9YwUe
2011-11-11 03:05:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\qaQH6sWK7R9TqUe
2011-11-11 03:04:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\WhTXwjUVeItPyAi
2011-11-11 03:03:55 -------- d-----w- C:\Users\Owner\AppData\Roaming\XlIBtzP0yA
2011-11-11 03:02:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\rS2obF4pm5Q7E8R
2011-11-11 03:01:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\fUVrlOBtx0c1b3n
2011-11-11 03:00:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\B6dWK8fRZhXjVlB
2011-11-11 02:59:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\BZqhYXwkUrOtP
2011-11-11 02:58:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\CD3pnG4aQ6W7R9T
2011-11-11 02:58:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\x5aQJ6dEKfZhXjV
2011-11-11 02:58:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\hrzPNycA1v2n4m5
2011-11-11 02:58:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\tjUVelOBtP
2011-11-11 02:58:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\ClOBtxP0uSiDpG
2011-11-11 02:58:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\vA1ivD2on4m5W7E
2011-11-11 02:58:33 -------- d-----w- C:\Users\Owner\AppData\Roaming\ZwkUVrlOBx0c1b3
2011-11-11 02:58:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\KhYXwjUVeOtPy
2011-11-11 02:58:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\lgTZqhYCwIrOtAu
2011-11-11 02:58:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\GsQJ7dEK8RqYwUr
2011-11-11 02:57:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\q1ivD3onFaHsJfL
2011-11-11 02:57:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\zvS2obF4pG
2011-11-11 02:57:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\ygTZqjYCwIr
2011-11-11 02:57:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\xYXwkUVelBx0c1b
2011-11-11 02:57:29 -------- d-----w- C:\Users\Owner\AppData\Roaming\r7fEL8gTZjCkVzN
2011-11-11 02:57:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\JS2obF3pm5Q6
2011-11-11 02:57:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\B5aQJ6dWK8R9TwU
2011-11-11 02:57:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\fZqhYXwkUrOtP
2011-11-11 02:57:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\u9hTXwjUV
2011-11-11 02:57:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\fEL9gTXqjC
2011-11-11 02:56:45 -------- d-----w- C:\Users\Owner\AppData\Roaming\qbFmGsQJ78Rq
2011-11-11 02:56:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\HpmG5QdKZhXjVlB
2011-11-11 02:51:45 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2011-11-11 02:47:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\OYXwkUVrlB
2011-11-11 02:46:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\mpmH5sWJ7E
2011-11-11 02:45:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\naQH6dWK7R9TqUe
2011-11-11 02:44:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\VbD3onG4a
2011-11-11 02:43:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\JekIBrzPNx1v2b4
2011-11-11 02:42:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\NibD3onG4Q6W7R9
2011-11-11 02:41:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\zUCelIBrzNc1v2n
2011-11-11 02:41:53 -------- d-----w- C:\Users\Owner\AppData\Roaming\zF4pmG5sQ7E8R
2011-11-11 02:41:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\rPSi3GQd8
2011-11-11 02:41:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\GelBNyA1io4HW7E
2011-11-11 02:41:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\Q9hTXqjUClBzNc1
2011-11-11 02:41:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\HPNycA1uv2n4m5W
2011-11-11 02:41:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\VaQH6dWK8
2011-11-11 02:41:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\L6dWK8fRLhX
2011-11-11 02:41:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\KBrzPNycAu
2011-11-11 02:41:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\tS2obF4pGs
2011-11-11 02:40:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\azONtxA0uSiFpGa
2011-11-11 02:40:43 -------- d-----w- C:\Users\Owner\AppData\Roaming\fA1ivD2on4m5W7E
2011-11-11 00:05:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\xHH55J7ddL8gZhC
2011-11-11 00:04:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\oUUUeekIBrPNxu
2011-11-11 00:03:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\Pu2b3n5aHKhwUeI
2011-11-11 00:02:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\OkIIVrrzOt
2011-11-11 00:01:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\whwUVVOz0c1v3Ga
2011-11-11 00:00:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\AA11u2b4msJd8Rh
2011-11-10 23:59:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\bqjUUllIrzPyAuD
2011-11-10 23:58:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\C00Sbpa6Wf9TjV
2011-11-10 23:57:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\QoobF3GQ6Eg9Yw
2011-11-10 23:56:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\SekkrzPxAu245
2011-11-10 23:55:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\RcS2i33GQ6WK8R9
2011-11-10 23:54:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\nXUeBzNciDoF
2011-11-10 23:53:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\yySiDo4msKfLgjC
2011-11-10 23:52:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\nKKK8R9jeBPciDo
2011-11-10 23:51:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\ANyAv2HW7LTh
2011-11-10 23:50:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\bJ7dELhCIOt0c2
2011-11-10 23:49:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\wzOyAv2Fm5JdKgZ
2011-11-10 23:48:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\zibF3pnG5QdKfZh
2011-11-10 23:47:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\JHH66dWK8fRLhTw
2011-11-10 23:47:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\Q22oobF4pmH5QJ
2011-11-10 23:47:30 -------- d-----w- C:\Users\Owner\AppData\Roaming\H00yccS1ivD3nGa
2011-11-10 23:47:29 -------- d-----w- C:\Users\Owner\AppData\Roaming\xVVrrzONtxA0vSi
2011-11-10 23:47:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\j66ddWKK7fL9h
2011-11-10 23:47:23 -------- d-----w- C:\Users\Owner\AppData\Roaming\YFFF4ppmG5sJ7
2011-11-10 23:47:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\HNttxxA0ucS2bFp
2011-11-10 23:47:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\xCCCellIBrzNyA1
2011-11-10 23:47:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\dJJJ6ddEK8gZ9YX
2011-11-10 23:47:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\JF44aamH6sWJfE9
2011-11-10 23:47:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\YqhhYCCwkUVlOtx
2011-11-10 23:47:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\v999gTTXqj
2011-11-10 00:25:17 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-10 00:25:17 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-10 00:25:16 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-10 00:25:10 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-10 00:20:32 -------- d-----w- C:\Program Files\iTunes
2011-11-10 00:20:32 -------- d-----w- C:\Program Files\iPod
2011-11-10 00:20:32 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-10 00:17:41 -------- d-----w- C:\Program Files\Bonjour
2011-11-10 00:17:41 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-08 12:10:26 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F8277FD-5C1B-4235-9589-B1DB509FD138}\mpengine.dll
2011-11-05 16:07:18 -------- d-----w- C:\Users\Owner\AppData\Local\{E52E0B98-04FF-4879-AC2E-73941622D067}
2011-11-05 16:07:08 -------- d-----w- C:\Users\Owner\AppData\Local\{4A8F6FD5-4AF6-4D66-98EF-CA879A8F65F2}
2011-10-31 23:28:15 -------- d-----w- C:\Users\Owner\AppData\Local\{929F7691-A32A-415D-8126-8161D19C1589}
2011-10-31 23:28:05 -------- d-----w- C:\Users\Owner\AppData\Local\{EB1F113D-44A4-42F7-9D74-1919BA5135B7}
2011-10-25 16:31:19 -------- d-----w- C:\Users\Owner\AppData\Local\{240E0B01-F793-489B-ABDC-5CBAC6870B58}
2011-10-25 16:31:08 -------- d-----w- C:\Users\Owner\AppData\Local\{08166204-79FD-49A3-BCBD-19437FF0535D}
2011-10-25 02:01:31 348160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcr71.dll
2011-10-25 02:01:31 155648 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
2011-10-25 02:01:31 1060864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\mfc71.dll
2011-10-25 02:01:23 -------- d-----w- C:\Program Files (x86)\IBM
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-24 04:28:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\Command and Conquer 4
2011-10-24 04:28:35 -------- d-----w- C:\Users\Owner\AppData\Local\Electronic_Arts_Inc
2011-10-20 21:57:48 -------- d-----w- C:\Users\Owner\AppData\Local\{C543FC7F-95E8-4ABE-A1BD-31AD2065D9DF}
2011-10-20 21:57:37 -------- d-----w- C:\Users\Owner\AppData\Local\{EBABB5DC-443A-4D38-AC01-D0E978EB0531}
2011-10-14 18:47:52 -------- d-----w- C:\Program Files (x86)\Shareaza
2011-10-14 18:44:44 -------- d-----w- C:\Users\Owner\AppData\Local\{A0AC5466-DF1E-42EE-AFAF-2807024E60D8}
2011-10-14 18:44:33 -------- d-----w- C:\Users\Owner\AppData\Local\{7CCAED9C-258E-4233-ABDA-E343A1395E44}
2011-10-14 00:50:41 -------- d-----w- C:\Users\Owner\AppData\Local\{EF2B69B5-35EA-422B-9F23-8C6D278C0BB7}
2011-10-14 00:49:26 -------- d-----w- C:\Users\Owner\AppData\Local\{E7585421-911D-4831-BB7E-C641ABB4F2EE}
2011-10-13 04:36:40 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-10-13 04:36:29 -------- d-----w- C:\ProgramData\Rosetta Stone
2011-10-13 04:36:29 -------- d-----w- C:\Program Files (x86)\Rosetta Stone
.
==================== Find3M ====================
.
2011-10-12 05:21:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 07:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 07:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 07:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 07:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
.
============= FINISH: 14:03:41.95 ===============

Attached Files
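A triage script for the DDS log posted above. This is an added example written here, not part of the thread and not a BleepingComputer tool. It assumes only the DDS section layout visible in the log (the `====` headers, the `mPolicies-*` lines in the Pseudo HJT Report, and the `date time size attrs path` lines under Created Last 30) and applies two heuristics of my own: flag policy values that switch off UAC or hide the Action Center warning, and flag a burst of random-named directories under AppData\Roaming, which is exactly what the Created Last 30 section shows for this machine. The embedded excerpt is copied from the log above, trimmed to a few lines.

```python
import re
from datetime import datetime, timedelta

# Excerpt copied from the DDS log posted above (trimmed; the full log lists
# roughly ninety such Roaming directories created within a few hours).
DDS_EXCERPT = r"""
============== Pseudo HJT Report ===============
mStart Page = hxxp://www.apeha.ru
mRun: [FD0.exe] C:\Program Files (x86)\LP\6F60\FD0.exe
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
=============== Created Last 30 ================
2011-11-11 03:15:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\c44aaQH66WK7
2011-11-11 03:15:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\FQQJJ6dEK8fR9hX
2011-11-11 03:15:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\tBBtzzPNycA1v
2011-11-11 03:15:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\ZTTTXqqjYCeIBzO
2011-11-10 00:20:32 -------- d-----w- C:\Program Files\iTunes
2011-10-24 04:28:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\Command and Conquer 4
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^[=-]{2,}\s*(.+?)\s*[=-]{2,}$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(\S+)\s+(.+)$")
POLICY_RE = re.compile(r"^mPolicies-(\w+):\s*(\w+)\s*=\s*(\d+)")

# Policy values that weaken UAC or silence the Security Center; the value on
# the right is the one a responder should worry about (my own shortlist).
WEAK_POLICY_VALUES = {
    "EnableLUA": 0,                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 0,  # admins elevate silently, no prompt
    "PromptOnSecureDesktop": 0,       # any remaining prompt can be overlaid
    "HideSCAHealth": 1,               # Action Center "no antivirus" icon hidden
}

def parse_sections(text):
    """Split a DDS log into {section name: [lines]} using its ==== headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":          # DDS pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def weakened_policies(hjt_lines):
    """Return {policy: value} for mPolicies entries set to a weakening value."""
    found = {}
    for line in hjt_lines:
        m = POLICY_RE.match(line)
        if m and int(m.group(3)) == WEAK_POLICY_VALUES.get(m.group(2)):
            found[m.group(2)] = int(m.group(3))
    return found

def looks_random(name):
    """Heuristic: 9-16 alphanumerics that contain a digit or flip case often."""
    if re.fullmatch(r"[A-Za-z0-9]{9,16}", name) is None:
        return False
    switches = sum(1 for a, b in zip(name, name[1:])
                   if a.isalpha() and b.isalpha() and a.isupper() != b.isupper())
    return any(c.isdigit() for c in name) or switches >= 4

def random_dir_burst(created_lines, window=timedelta(minutes=30), min_count=3):
    """Random-named directories under AppData\\Roaming created in clusters of
    at least min_count within `window`; benign one-offs are not reported."""
    hits = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if not m or not m.group(2).startswith("d"):   # directories only
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        path = m.group(3)
        parent, _, name = path.rpartition("\\")
        if parent.lower().endswith(r"appdata\roaming") and looks_random(name):
            hits.append((when, path))
    hits.sort()
    flagged = set()
    for i in range(len(hits) - min_count + 1):
        if hits[i + min_count - 1][0] - hits[i][0] <= window:
            flagged.update(p for _, p in hits[i:i + min_count])
    return sorted(flagged)

def triage(dds_text):
    """Run both checks over one DDS log and return the findings."""
    sections = parse_sections(dds_text)
    return {
        "weak_policies": weakened_policies(sections.get("Pseudo HJT Report", [])),
        "random_dirs": random_dir_burst(sections.get("Created Last 30", [])),
    }

if __name__ == "__main__":
    for key, value in triage(DDS_EXCERPT).items():
        print(key, value)
```

Run against the full log from the post, the second check reports the whole run of AppData\Roaming directories created between 23:47 and 03:15, and the first reports all four policy entries; the thresholds in `random_dir_burst` are deliberately conservative so that a single oddly named game or installer directory does not trip it.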





#2 HelpBot (Bleepin' Binary Bot)

Posted 16 November 2011 - 06:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427465 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 armygreen

armygreen
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:22 PM

Posted 17 November 2011 - 01:51 AM

I do not have my original Windows cd/dvd. Here I am posting a new DDS and Attach. I've provided all other information you've requested in my original post.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Owner at 22:46:10 on 2011-11-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4093.921 [GMT -8:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Windows\TEMP\GuardGuard.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxdncoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.apeha.ru
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {0160CE27-16FC-470D-804F-FEABCD6886E6} - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
mRun: [AHNSD] "C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSD.exe"
mRun: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [FD0.exe] C:\Program Files (x86)\LP\6F60\FD0.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: army.mil\www.us
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{9615C4FC-F6C1-4D79-9CBE-11C10B7B5078} : DhcpNameServer = 68.87.69.150 68.87.85.102
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {0160CE27-16FC-470D-804F-FEABCD6886E6} - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AHNSD] "C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSD.exe"
mRun-x64: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" /gui
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [FD0.exe] C:\Program Files (x86)\LP\6F60\FD0.exe
IE-X64: {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
IE-X64: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSDsv.exe [2010-4-2 174824]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-2-21 810120]
R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R2 Guard.Mail.ru;Guard.Mail.ru;C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2011-6-5 1472720]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-27 2214504]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-27 136176]
S2 Spooler32;Print Spooler ; [x]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-27 136176]
S3 SQ931;Zoom 2.0 Webcam;C:\Windows\system32\Drivers\Capt931a.sys --> C:\Windows\system32\Drivers\Capt931a.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-14 16:32:33 -------- d-----w- C:\Users\Owner\AppData\Local\{78FFA4C7-7EAF-4A1E-99ED-F11007CC2A6D}
2011-11-14 16:32:21 -------- d-----w- C:\Users\Owner\AppData\Local\{CAB54FFC-F5B4-4971-899E-D0D076201D3B}
2011-11-13 16:31:51 -------- d-----w- C:\Users\Owner\AppData\Local\{7F5EAD80-4CAB-4F7A-9077-10AEA979D724}
2011-11-13 16:31:39 -------- d-----w- C:\Users\Owner\AppData\Local\{F5CD04F2-36FF-437C-9745-960EC791EEFF}
2011-11-12 00:42:53 -------- d-----w- C:\Users\Owner\AppData\Local\{38CDE980-907B-4E4D-8072-535A4071DA67}
2011-11-12 00:42:41 -------- d-----w- C:\Users\Owner\AppData\Local\{73A4E1E7-CFD9-4136-8979-2AC9A323BED1}
2011-11-11 03:15:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\c44aaQH66WK7
2011-11-11 03:15:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\FQQJJ6dEK8fR9hX
2011-11-11 03:15:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\tBBtzzPNycA1v
2011-11-11 03:15:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\ZTTTXqqjYCeIBzO
2011-11-11 03:15:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\QOOOBttxP0uS1bD
2011-11-11 03:15:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\Y0yycAA1ivDon4a
2011-11-11 03:15:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\FmmmH55sWJ7ELgT
2011-11-11 03:15:00 -------- d-----w- C:\Users\Owner\AppData\Roaming\weeekIIBrz
2011-11-11 03:13:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\OccSS2ibb3
2011-11-11 03:12:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\XTTZZqjYYe
2011-11-11 03:11:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\ZNNttxP0u
2011-11-11 03:10:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\wjUVelOBtP
2011-11-11 03:09:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\eYXwjUVelBz0c1
2011-11-11 03:08:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\PonG4amH6W7E9Tq
2011-11-11 03:07:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\unF4amH6sJfLgZj
2011-11-11 03:06:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\isQJ6dEK8R9YwUe
2011-11-11 03:05:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\qaQH6sWK7R9TqUe
2011-11-11 03:04:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\WhTXwjUVeItPyAi
2011-11-11 03:03:55 -------- d-----w- C:\Users\Owner\AppData\Roaming\XlIBtzP0yA
2011-11-11 03:02:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\rS2obF4pm5Q7E8R
2011-11-11 03:01:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\fUVrlOBtx0c1b3n
2011-11-11 03:00:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\B6dWK8fRZhXjVlB
2011-11-11 02:59:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\BZqhYXwkUrOtP
2011-11-11 02:58:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\CD3pnG4aQ6W7R9T
2011-11-11 02:58:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\x5aQJ6dEKfZhXjV
2011-11-11 02:58:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\hrzPNycA1v2n4m5
2011-11-11 02:58:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\tjUVelOBtP
2011-11-11 02:58:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\ClOBtxP0uSiDpG
2011-11-11 02:58:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\vA1ivD2on4m5W7E
2011-11-11 02:58:33 -------- d-----w- C:\Users\Owner\AppData\Roaming\ZwkUVrlOBx0c1b3
2011-11-11 02:58:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\KhYXwjUVeOtPy
2011-11-11 02:58:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\lgTZqhYCwIrOtAu
2011-11-11 02:58:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\GsQJ7dEK8RqYwUr
2011-11-11 02:57:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\q1ivD3onFaHsJfL
2011-11-11 02:57:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\zvS2obF4pG
2011-11-11 02:57:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\ygTZqjYCwIr
2011-11-11 02:57:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\xYXwkUVelBx0c1b
2011-11-11 02:57:29 -------- d-----w- C:\Users\Owner\AppData\Roaming\r7fEL8gTZjCkVzN
2011-11-11 02:57:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\JS2obF3pm5Q6
2011-11-11 02:57:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\B5aQJ6dWK8R9TwU
2011-11-11 02:57:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\fZqhYXwkUrOtP
2011-11-11 02:57:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\u9hTXwjUV
2011-11-11 02:57:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\fEL9gTXqjC
2011-11-11 02:56:45 -------- d-----w- C:\Users\Owner\AppData\Roaming\qbFmGsQJ78Rq
2011-11-11 02:56:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\HpmG5QdKZhXjVlB
2011-11-11 02:51:45 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2011-11-11 02:47:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\OYXwkUVrlB
2011-11-11 02:46:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\mpmH5sWJ7E
2011-11-11 02:45:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\naQH6dWK7R9TqUe
2011-11-11 02:44:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\VbD3onG4a
2011-11-11 02:43:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\JekIBrzPNx1v2b4
2011-11-11 02:42:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\NibD3onG4Q6W7R9
2011-11-11 02:41:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\zUCelIBrzNc1v2n
2011-11-11 02:41:53 -------- d-----w- C:\Users\Owner\AppData\Roaming\zF4pmG5sQ7E8R
2011-11-11 02:41:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\rPSi3GQd8
2011-11-11 02:41:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\GelBNyA1io4HW7E
2011-11-11 02:41:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\Q9hTXqjUClBzNc1
2011-11-11 02:41:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\HPNycA1uv2n4m5W
2011-11-11 02:41:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\VaQH6dWK8
2011-11-11 02:41:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\L6dWK8fRLhX
2011-11-11 02:41:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\KBrzPNycAu
2011-11-11 02:41:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\tS2obF4pGs
2011-11-11 02:40:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\azONtxA0uSiFpGa
2011-11-11 02:40:43 -------- d-----w- C:\Users\Owner\AppData\Roaming\fA1ivD2on4m5W7E
2011-11-11 00:05:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\xHH55J7ddL8gZhC
2011-11-11 00:04:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\oUUUeekIBrPNxu
2011-11-11 00:03:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\Pu2b3n5aHKhwUeI
2011-11-11 00:02:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\OkIIVrrzOt
2011-11-11 00:01:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\whwUVVOz0c1v3Ga
2011-11-11 00:00:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\AA11u2b4msJd8Rh
2011-11-10 23:59:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\bqjUUllIrzPyAuD
2011-11-10 23:58:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\C00Sbpa6Wf9TjV
2011-11-10 23:57:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\QoobF3GQ6Eg9Yw
2011-11-10 23:56:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\SekkrzPxAu245
2011-11-10 23:55:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\RcS2i33GQ6WK8R9
2011-11-10 23:54:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\nXUeBzNciDoF
2011-11-10 23:53:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\yySiDo4msKfLgjC
2011-11-10 23:52:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\nKKK8R9jeBPciDo
2011-11-10 23:51:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\ANyAv2HW7LTh
2011-11-10 23:50:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\bJ7dELhCIOt0c2
2011-11-10 23:49:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\wzOyAv2Fm5JdKgZ
2011-11-10 23:48:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\zibF3pnG5QdKfZh
2011-11-10 23:47:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\JHH66dWK8fRLhTw
2011-11-10 23:47:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\Q22oobF4pmH5QJ
2011-11-10 23:47:30 -------- d-----w- C:\Users\Owner\AppData\Roaming\H00yccS1ivD3nGa
2011-11-10 23:47:29 -------- d-----w- C:\Users\Owner\AppData\Roaming\xVVrrzONtxA0vSi
2011-11-10 23:47:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\j66ddWKK7fL9h
2011-11-10 23:47:23 -------- d-----w- C:\Users\Owner\AppData\Roaming\YFFF4ppmG5sJ7
2011-11-10 23:47:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\HNttxxA0ucS2bFp
2011-11-10 23:47:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\xCCCellIBrzNyA1
2011-11-10 23:47:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\dJJJ6ddEK8gZ9YX
2011-11-10 23:47:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\JF44aamH6sWJfE9
2011-11-10 23:47:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\YqhhYCCwkUVlOtx
2011-11-10 23:47:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\v999gTTXqj
2011-11-10 00:25:17 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-10 00:25:17 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-10 00:25:16 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-10 00:25:10 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-10 00:20:32 -------- d-----w- C:\Program Files\iTunes
2011-11-10 00:20:32 -------- d-----w- C:\Program Files\iPod
2011-11-10 00:20:32 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-10 00:17:41 -------- d-----w- C:\Program Files\Bonjour
2011-11-10 00:17:41 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-08 12:10:26 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F8277FD-5C1B-4235-9589-B1DB509FD138}\mpengine.dll
2011-11-05 16:07:18 -------- d-----w- C:\Users\Owner\AppData\Local\{E52E0B98-04FF-4879-AC2E-73941622D067}
2011-11-05 16:07:08 -------- d-----w- C:\Users\Owner\AppData\Local\{4A8F6FD5-4AF6-4D66-98EF-CA879A8F65F2}
2011-10-31 23:28:15 -------- d-----w- C:\Users\Owner\AppData\Local\{929F7691-A32A-415D-8126-8161D19C1589}
2011-10-31 23:28:05 -------- d-----w- C:\Users\Owner\AppData\Local\{EB1F113D-44A4-42F7-9D74-1919BA5135B7}
2011-10-25 16:31:19 -------- d-----w- C:\Users\Owner\AppData\Local\{240E0B01-F793-489B-ABDC-5CBAC6870B58}
2011-10-25 16:31:08 -------- d-----w- C:\Users\Owner\AppData\Local\{08166204-79FD-49A3-BCBD-19437FF0535D}
2011-10-25 02:01:31 348160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcr71.dll
2011-10-25 02:01:31 155648 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
2011-10-25 02:01:31 1060864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\mfc71.dll
2011-10-25 02:01:23 -------- d-----w- C:\Program Files (x86)\IBM
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-24 04:28:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\Command and Conquer 4
2011-10-24 04:28:35 -------- d-----w- C:\Users\Owner\AppData\Local\Electronic_Arts_Inc
2011-10-20 21:57:48 -------- d-----w- C:\Users\Owner\AppData\Local\{C543FC7F-95E8-4ABE-A1BD-31AD2065D9DF}
2011-10-20 21:57:37 -------- d-----w- C:\Users\Owner\AppData\Local\{EBABB5DC-443A-4D38-AC01-D0E978EB0531}
.
==================== Find3M ====================
.
2011-10-12 05:21:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 07:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 07:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 07:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 07:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 22:47:01.99 ===============

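As an added example (editor's code, not from the thread, from DDS, or from BleepingComputer): a small triage script that reads a DDS-style log and flags the indicators visible in the report above, namely UAC policies turned off, Run entries and running processes in temp or hex-named folders, a registered service whose file is missing, and a machine start page that differs from the user's. The sample lines are excerpted from the post; the path heuristics and the policy descriptions are the editor's assumptions, not DDS logic.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the DDS log posted above, not a live scan.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\TEMP\GuardGuard.exe
C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.apeha.ru
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [FD0.exe] C:\Program Files (x86)\LP\6F60\FD0.exe
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
============= SERVICES / DRIVERS ===============
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-2-21 810120]
S2 Spooler32;Print Spooler ; [x]
"""

# Policy values that weaken the UAC / Action Center defences; (section, name, value) -> meaning.
# The descriptions are the editor's summary of what each Windows policy does.
WEAKENED_POLICIES = {
    ("mPolicies-system", "EnableLUA", "0"): "UAC disabled",
    ("mPolicies-system", "ConsentPromptBehaviorAdmin", "0"): "admins elevate without any prompt",
    ("mPolicies-system", "PromptOnSecureDesktop", "0"): "elevation prompts not on the secure desktop",
    ("mPolicies-explorer", "HideSCAHealth", "1"): "Action Center security icon hidden",
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
POLICY_RE = re.compile(r"^(mPolicies-\w+): (\w+) = (\d+)")
RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[([^\]]+)\] (.*)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
START_PAGE_RE = re.compile(r"^([um])Start Page = (\S+)")
HEX_COMPONENT = re.compile(r"^[0-9A-F]{3,4}$", re.I)  # heuristic: names like 6F60 or FD0


@dataclass(frozen=True)
class Finding:
    kind: str     # policy, run, process, service or startpage
    subject: str  # the entry the finding is about
    reason: str


def exe_path(command: str) -> str:
    """Pull the executable path out of a Run command, whether or not it is quoted."""
    m = re.match(r'"([^"]+)"', command) or re.match(r"(.*?\.exe)", command, re.I)
    return m.group(1) if m else command


def path_flags(path: str) -> list[str]:
    """Heuristics for where the malware in this thread lived: temp dirs and hex-named folders/files."""
    flags = []
    if re.search(r"\\temp\\", path, re.I):
        flags.append("runs from a temp directory")
    parts = path.rstrip("\\").split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    if any(HEX_COMPONENT.match(p) for p in parts[1:-1]) or HEX_COMPONENT.match(stem):
        flags.append("hex-looking path component")
    return flags


def triage(dds_text: str) -> list[Finding]:
    """Walk the log section by section and collect the indicators worth a second look."""
    findings: list[Finding] = []
    section = ""
    start_pages: dict[str, str] = {}
    for line in dds_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
            continue
        if section == "Running Processes":
            for flag in path_flags(line):
                findings.append(Finding("process", line, flag))
        elif m := POLICY_RE.match(line):
            meaning = WEAKENED_POLICIES.get((m.group(1), m.group(2), m.group(3)))
            if meaning:
                findings.append(Finding("policy", f"{m.group(2)}={m.group(3)}", meaning))
        elif m := RUN_RE.match(line):
            for flag in path_flags(exe_path(m.group(3))):
                findings.append(Finding("run", m.group(2), flag))
        elif m := START_PAGE_RE.match(line):
            start_pages[m.group(1)] = m.group(2)
        elif m := SERVICE_RE.match(line):
            if "[x]" in m.group(4):
                findings.append(Finding("service", m.group(2), "registered service whose file is missing"))
    # A machine-wide start page that the user never set is a classic hijack sign.
    if "m" in start_pages and start_pages.get("u") != start_pages["m"]:
        findings.append(Finding("startpage", start_pages["m"], "machine start page differs from the user's"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

The hex-name heuristic will occasionally hit a legitimate folder, so treat each flag as a prompt for a closer look rather than a verdict.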
#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 PM

Posted 18 November 2011 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the logs and let me know what problem persists.

#5 armygreen

armygreen
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:22 PM

Posted 19 November 2011 - 07:05 PM

Well, both of the problems seem to be resolved. I don't see any of the infected files on my computer any more. After I followed your instructions, I scanned my computer for viruses using ESET, and found 24 infiltrations, but I was able to delete all of them.

Here are the logs you wanted me to post. I'm not sure if you wanted them pasted or attached, so I'll do both. Thanks for your help.



ComboFix 11-11-19.04 - Owner 11/19/2011 13:54:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4093.2577 [GMT -8:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\LP
C:\Program Files (x86)\LP\6F60\2151.tmp
C:\Program Files (x86)\LP\6F60\2E9.tmp
C:\Program Files (x86)\LP\6F60\7E7A.tmp
C:\Program Files (x86)\LP\6F60\CD51.tmp
C:\Program Files (x86)\LP\6F60\EBA1.exe
C:\Program Files (x86)\LP\6F60\EBA1.tmp
C:\Program Files (x86)\LP\6F60\F483.tmp
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\extensions\{1c7e764f-de66-4335-a088-3a8e70ec81d5}
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\extensions\{1c7e764f-de66-4335-a088-3a8e70ec81d5}\chrome.manifest
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\extensions\{1c7e764f-de66-4335-a088-3a8e70ec81d5}\chrome\xulcache.jar
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\extensions\{1c7e764f-de66-4335-a088-3a8e70ec81d5}\defaults\preferences\xulcache.js
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\extensions\{1c7e764f-de66-4335-a088-3a8e70ec81d5}\install.rdf
C:\Windows\favicon.ico
C:\Windows\TEMP\GuardGuard.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_COMSysApp


((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))


2011-11-19 22:04:36 . 2011-11-19 22:04:36 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2011-11-19 22:04:36 . 2011-11-19 22:04:36 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-11-19 21:39:08 . 2011-11-19 21:39:08 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-19 21:39:05 . 2011-11-19 21:39:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-19 21:39:05 . 2011-09-01 01:00:50 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-11-11 03:15:22 . 2011-11-11 03:15:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\c44aaQH66WK7
2011-11-11 03:15:17 . 2011-11-11 03:15:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\FQQJJ6dEK8fR9hX
2011-11-11 03:15:05 . 2011-11-11 03:15:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\FmmmH55sWJ7ELgT
2011-11-11 03:14:59 . 2011-11-11 03:14:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\GEEK88gRZ9hYwkV
2011-11-11 03:14:54 . 2011-11-11 03:14:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\HrrzzONtxA0uS2b
2011-11-11 03:14:48 . 2011-11-11 03:14:48 -------- d-----w- C:\Users\Owner\AppData\Roaming\AFF44pmmG5QJ7E8
2011-11-11 03:14:43 . 2011-11-11 03:14:43 -------- d-----w- C:\Users\Owner\AppData\Roaming\GhTTXwwjUV
2011-11-11 03:14:36 . 2011-11-11 03:14:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\KlllOBttxPycSiD
2011-11-11 03:14:31 . 2011-11-11 03:14:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\eRRRL9hhTXjUClB
2011-11-11 03:14:24 . 2011-11-11 03:14:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\e88ffRZ9hYXwUVl
2011-11-11 03:14:14 . 2011-11-11 03:14:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\AVVVelOOBtP0ySi
2011-11-11 03:13:50 . 2011-11-11 03:13:50 -------- d-----w- C:\Users\Owner\AppData\Roaming\jJJJ7fEEL9
2011-11-11 03:13:45 . 2011-11-11 03:13:45 -------- d-----w- C:\Users\Owner\AppData\Roaming\gLL9hhTXwjUClIt
2011-11-11 03:13:39 . 2011-11-11 03:13:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\bgTTXXqjYCekBrO
2011-11-11 03:13:38 . 2011-11-11 03:13:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\JYYYXwjjU
2011-11-11 03:13:19 . 2011-11-11 03:13:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\AUUVVellIBzP0c1
2011-11-11 03:13:14 . 2011-11-11 03:13:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\gtxxPP0ucS2iD3
2011-11-11 03:13:01 . 2011-11-11 03:13:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\evvvS22obF4mGsQ
2011-11-11 03:12:56 . 2011-11-11 03:12:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\HKK88fRZ9hT
2011-11-11 03:12:51 . 2011-11-11 03:12:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\hwwwkUUVr
2011-11-11 03:12:38 . 2011-11-11 03:12:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\JkIIBBrzONyx
2011-11-11 03:12:33 . 2011-11-11 03:12:33 -------- d-----w- C:\Users\Owner\AppData\Roaming\jAAA1ivvD3
2011-11-11 03:12:26 . 2011-11-11 03:12:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\B66ddEK88R
2011-11-11 03:12:22 . 2011-11-11 03:12:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\jEEEL8ggTZjYCkV
2011-11-11 03:11:57 . 2011-11-11 03:11:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\EqjjUCCekIBzPyx
2011-11-11 03:11:52 . 2011-11-11 03:11:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\gcccS11ivD3nGam
2011-11-11 03:11:41 . 2011-11-11 03:11:41 -------- d-----w- C:\Users\Owner\AppData\Roaming\AAA00uvS2obFpm5
2011-11-11 03:11:22 . 2011-11-11 03:11:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\HYYCCekIBrzOyx1
2011-11-11 03:11:16 . 2011-11-11 03:11:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\dLL88gTZqhYC
2011-11-11 03:11:11 . 2011-11-11 03:11:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\BL9gTXqjUeIrPyA
2011-11-11 03:11:03 . 2011-11-11 03:11:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\bL9gTXqjUeIrPy
2011-11-11 03:10:39 . 2011-11-11 03:10:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\JnF4amH6sJfLgZj
2011-11-11 03:10:04 . 2011-11-11 03:10:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\gK8fRL9hTwUeItP
2011-11-11 03:10:03 . 2011-11-11 03:10:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\hTXqjUCekBzNx1v
2011-11-11 03:09:57 . 2011-11-11 03:09:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\eYXwjUVelBz0c1
2011-11-11 03:09:50 . 2011-11-11 03:09:50 -------- d-----w- C:\Users\Owner\AppData\Roaming\AsWK7fEL9TqY
2011-11-11 03:09:45 . 2011-11-11 03:09:45 -------- d-----w- C:\Users\Owner\AppData\Roaming\DVelIBtzPyAiDo
2011-11-11 03:09:39 . 2011-11-11 03:09:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\f3onG4aQHs
2011-11-11 03:09:38 . 2011-11-11 03:09:38 -------- d-----w- C:\Users\Owner\AppData\Roaming\i3onF4amHsJfLgZ
2011-11-11 03:09:33 . 2011-11-11 03:09:33 -------- d-----w- C:\Users\Owner\AppData\Roaming\F9hTXwjUClBzNc1
2011-11-11 03:09:27 . 2011-11-11 03:09:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\C6dEK8fRZhXjVlB
2011-11-11 03:09:21 . 2011-11-11 03:09:21 -------- d-----w- C:\Users\Owner\AppData\Roaming\InG4aQH6d
2011-11-11 03:09:14 . 2011-11-11 03:09:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\EuvD2onF4m
2011-11-11 03:09:09 . 2011-11-11 03:09:09 -------- d-----w- C:\Users\Owner\AppData\Roaming\gWK7fRL9gXj
2011-11-11 03:08:49 . 2011-11-11 03:08:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\k6sWK7fELgXjCkB
2011-11-11 03:08:37 . 2011-11-11 03:08:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\E6dWK8fRZhXjVlB
2011-11-11 03:08:18 . 2011-11-11 03:08:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\JxA0uvS2iFpGaJd
2011-11-11 03:08:13 . 2011-11-11 03:08:13 -------- d-----w- C:\Users\Owner\AppData\Roaming\GvD2onF4pHsJdLg
2011-11-11 03:08:12 . 2011-11-11 03:08:12 -------- d-----w- C:\Users\Owner\AppData\Roaming\BS2obF4pm5
2011-11-11 03:08:06 . 2011-11-11 03:08:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\h5aQJ6dWKfZh
2011-11-11 03:07:53 . 2011-11-11 03:07:53 -------- d-----w- C:\Users\Owner\AppData\Roaming\eG4aQH6sW7R9TqU
2011-11-11 03:07:42 . 2011-11-11 03:07:42 -------- d-----w- C:\Users\Owner\AppData\Roaming\aUVrlOBtx0c1b3n
2011-11-11 03:07:41 . 2011-11-11 03:07:41 -------- d-----w- C:\Users\Owner\AppData\Roaming\JamH6sWK7E9TqYe
2011-11-11 03:07:36 . 2011-11-11 03:07:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\jRZ9hTXwjVlBz
2011-11-11 03:07:29 . 2011-11-11 03:07:29 -------- d-----w- C:\Users\Owner\AppData\Roaming\aYCekIVrzNx0v2b
2011-11-11 03:07:24 . 2011-11-11 03:07:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\i2onF4amHs
2011-11-11 03:07:18 . 2011-11-11 03:07:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\eBrzONyxAuSoFp
2011-11-11 03:07:12 . 2011-11-11 03:07:12 -------- d-----w- C:\Users\Owner\AppData\Roaming\kIBrzPNyc1v2n4
2011-11-11 03:06:59 . 2011-11-11 03:06:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\isQJ6dEK8R9YwUe
2011-11-11 03:06:46 . 2011-11-11 03:06:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\AxA0uvS2iFpGaJd
2011-11-11 03:06:28 . 2011-11-11 03:06:28 -------- d-----w- C:\Users\Owner\AppData\Roaming\cuvS2obF3m5Q6E8
2011-11-11 03:06:27 . 2011-11-11 03:06:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\JbF3pnG5aJdKfZh
2011-11-11 03:06:22 . 2011-11-11 03:06:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\FZqhYCwkUrOtPuS
2011-11-11 03:06:21 . 2011-11-11 03:06:21 -------- d-----w- C:\Users\Owner\AppData\Roaming\dP0ycS1ib
2011-11-11 03:06:16 . 2011-11-11 03:06:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\AH5sWJ7fE8TqYwI
2011-11-11 03:06:05 . 2011-11-11 03:06:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\DzONyxA0uSoFpGs
2011-11-11 03:06:04 . 2011-11-11 03:06:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\aRZ9hTXwjVlBz
2011-11-11 03:05:53 . 2011-11-11 03:05:53 -------- d-----w- C:\Users\Owner\AppData\Roaming\GsWJ7fEL8TqYwIr
2011-11-11 03:05:42 . 2011-11-11 03:05:42 -------- d-----w- C:\Users\Owner\AppData\Roaming\FjYCekIVrOyA
2011-11-11 03:05:25 . 2011-11-11 03:05:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\FaQH6dWK7R9TqUe
2011-11-11 03:05:18 . 2011-11-11 03:05:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\bnG5aQJ6dKfZhXj
2011-11-11 03:05:07 . 2011-11-11 03:05:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\jwkIVrzONx
2011-11-11 03:05:01 . 2011-11-11 03:05:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\IxP0ucS1iDpG
2011-11-11 03:05:00 . 2011-11-11 03:05:00 -------- d-----w- C:\Users\Owner\AppData\Roaming\DcS1ivD3oGaHsKf
2011-11-11 03:04:50 . 2011-11-11 03:04:50 -------- d-----w- C:\Users\Owner\AppData\Roaming\fK7fRL9gTqUeIrP
2011-11-11 03:04:43 . 2011-11-11 03:04:43 -------- d-----w- C:\Users\Owner\AppData\Roaming\CbF4pmH5sJdLgZh
2011-11-11 03:04:24 . 2011-11-11 03:04:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\aCelIBrzPyAuDoF
2011-11-11 03:04:06 . 2011-11-11 03:04:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\HF4amH5sW7E8TqY
2011-11-11 03:03:54 . 2011-11-11 03:03:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\jPNycA1uv2n4m5W
2011-11-11 03:03:36 . 2011-11-11 03:03:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\awkIVrzONx
2011-11-11 03:03:30 . 2011-11-11 03:03:30 -------- d-----w- C:\Users\Owner\AppData\Roaming\c2obF4pmGsJdKgZ
2011-11-11 03:03:24 . 2011-11-11 03:03:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\D0ucS2ibF3n5Q6
2011-11-11 03:03:11 . 2011-11-11 03:03:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\cgRZqhYCwUrOtPu
2011-11-11 03:03:07 . 2011-11-11 03:03:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\JzONyxA1uSoFpGs
2011-11-11 03:03:05 . 2011-11-11 03:03:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\fjYCwkIVrOtAuSi
2011-11-11 03:03:00 . 2011-11-11 03:03:00 -------- d-----w- C:\Users\Owner\AppData\Roaming\g1uvD2onFpHsJdL
2011-11-11 03:02:16 . 2011-11-11 03:02:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\epmG5sQJ6E8
2011-11-11 03:01:58 . 2011-11-11 03:01:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\fUVrlOBtx0c1b3n
2011-11-11 03:01:54 . 2011-11-11 03:01:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\a3pmG5sQJd
2011-11-11 03:01:46 . 2011-11-11 03:01:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\gtxP0ycS1b3n4Q6
2011-11-11 03:01:36 . 2011-11-11 03:01:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\AdWK7fRL9
2011-11-11 03:01:35 . 2011-11-11 03:01:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\HfEL9gTXqYeIrOy
2011-11-11 03:01:30 . 2011-11-11 03:01:30 -------- d-----w- C:\Users\Owner\AppData\Roaming\g1ivD3onFaH
2011-11-11 03:01:08 . 2011-11-11 03:01:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\kekIVrzONx0v2b
2011-11-11 03:01:02 . 2011-11-11 03:01:02 -------- d-----w- C:\Users\Owner\AppData\Roaming\akUVrlONtP
2011-11-11 03:00:59 . 2011-11-11 03:00:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\B6dWK8fRZhXjVlB
2011-11-11 03:00:54 . 2011-11-11 03:00:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\H1uvD2obFpHsJdL
2011-11-11 03:00:47 . 2011-11-11 03:00:47 -------- d-----w- C:\Users\Owner\AppData\Roaming\gL9hTXwjUeItPyA
2011-11-11 03:00:40 . 2011-11-11 03:00:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\KlIBtzPNyAiDoFa
2011-11-11 03:00:17 . 2011-11-11 03:00:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\bycA1ivD2n4
2011-11-11 03:00:03 . 2011-11-11 03:00:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\gYXwjUVelBz0c1
2011-11-11 02:59:56 . 2011-11-11 02:59:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\BZqhYXwkUrOtP
2011-11-11 02:59:50 . 2011-11-11 02:59:50 -------- d-----w- C:\Users\Owner\AppData\Roaming\gpmH5sWJ7E8TqYw
2011-11-11 02:59:48 . 2011-11-11 02:59:48 -------- d-----w- C:\Users\Owner\AppData\Roaming\BEL9gTXqjC
2011-11-11 02:59:42 . 2011-11-11 02:59:42 -------- d-----w- C:\Users\Owner\AppData\Roaming\eUCelIBrzPyAuDo
2011-11-11 02:59:18 . 2011-11-11 02:59:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\BJ7dEK8gRqYwU
2011-11-11 02:59:16 . 2011-11-11 02:59:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\fYCwkIVrzNx0v2b
2011-11-11 02:59:03 . 2011-11-11 02:59:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\gaQH6dWK7R9
2011-11-11 02:59:01 . 2011-11-11 02:59:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\DibF3pmG5Q6E8R9
2011-11-11 02:58:56 . 2011-11-11 02:58:56 -------- d-----w- C:\Users\Owner\AppData\Roaming\CD3pnG4aQ6W7R9T
2011-11-11 02:58:49 . 2011-11-11 02:58:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\hrzPNycA1v2n4m5
2011-11-11 02:58:40 . 2011-11-11 02:58:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\ClOBtxP0uSiDpG
2011-11-11 02:58:31 . 2011-11-11 02:58:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\KhYXwjUVeOtPy
2011-11-11 02:58:25 . 2011-11-11 02:58:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\GsQJ7dEK8RqYwUr
2011-11-11 02:57:27 . 2011-11-11 02:57:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\JS2obF3pm5Q6
2011-11-11 02:57:18 . 2011-11-11 02:57:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\B5aQJ6dWK8R9TwU
2011-11-11 02:57:16 . 2011-11-11 02:57:16 -------- d-----w- C:\Users\Owner\AppData\Roaming\fZqhYXwkUrOtP
2011-11-11 02:57:08 . 2011-11-11 02:57:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\fEL9gTXqjC
2011-11-11 02:56:44 . 2011-11-11 02:56:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\HpmG5QdKZhXjVlB
2011-11-11 02:51:45 . 2011-11-11 02:51:45 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-10-12 05:21:24 . 2011-05-28 19:04:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24:07 . 2011-10-12 05:06:13 2309120 ----a-w- C:\Windows\system32\jscript9.dll
2011-09-01 05:17:57 . 2011-10-12 05:06:14 1389056 ----a-w- C:\Windows\system32\wininet.dll
2011-09-01 05:12:04 . 2011-10-12 05:06:16 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2011-09-01 02:35:59 . 2011-10-12 05:06:13 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 . 2011-10-12 05:06:14 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 . 2011-10-12 05:06:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 07:05:32 . 2011-08-31 07:05:32 96104 ----a-w- C:\Windows\system32\dns-sd.exe
2011-08-31 07:05:32 . 2011-08-31 07:05:32 85864 ----a-w- C:\Windows\system32\dnssd.dll
2011-08-31 07:05:04 . 2011-08-31 07:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 07:05:04 . 2011-08-31 07:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-27 05:37:49 . 2011-10-12 05:05:42 861696 ----a-w- C:\Windows\system32\oleaut32.dll
2011-08-27 05:37:48 . 2011-10-12 05:05:43 331776 ----a-w- C:\Windows\system32\oleacc.dll
2011-08-27 04:26:27 . 2011-10-12 05:05:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-27 04:26:27 . 2011-10-12 05:05:42 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="C:\Program Files\PeerBlock\peerblock.exe" [2010-11-07 05:24:36 2646128]
"EA Core"="C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" [2009-09-03 21:17:14 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AHNSD"="C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSD.exe" [2010-01-14 01:00:00 223976]
"Guard.Mail.ru.gui"="C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe" [2011-06-06 01:42:10 1472720]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 15:22:28 59240]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 02:06:40 421736]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 22:28:52 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 20:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 11:00:54 136176]
R2 Spooler32;Print Spooler ; [x]
R3 AhnFlt2k;AhnFlt2k;C:\Windows\system32\Drivers\AhnFlt2k.sys [x]
R3 AhnRec2k;AhnRec2k;C:\Windows\system32\Drivers\AhnRec2k.sys [x]
R3 AhnRghNt;AhnRghNt;C:\Windows\system32\Drivers\AhnRghNt.sys [x]
R3 ATamptNt_V3IS2007;ATamptNt_V3IS2007;C:\PROGRA~1\AhnLab\V3IS2007\ATamptNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 11:00:54 136176]
R3 SQ931;Zoom 2.0 Webcam;C:\Windows\system32\Drivers\Capt931a.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [x]
S2 AhnLab Task Scheduler;AhnLab Task Scheduler;C:\Program Files (x86)\AhnLab\Smart Update Utility\AhnSDsv.exe [2010-01-14 01:00:00 174824]
S2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-02-22 07:50:16 810120]
S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [x]
S2 Guard.Mail.ru;Guard.Mail.ru;C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2011-06-06 01:42:10 1472720]
S2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 13:01:00 2214504]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys [x]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-11-07 05:24:34 24176]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - PBFILTER

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2011-11-19 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 11:00:56 . 2010-04-27 11:00:54]

2011-11-19 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 11:00:56 . 2010-04-27 11:00:54]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 11:25:44 1612880]
"Launch LgDeviceAgent"="C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 03:49:52 415816]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 03:27:52 2093128]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 03:47:56 4271688]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2010-02-22 07:49:58 2837256]
"combofix"="C:\ComboFix\CF10913.3XE" [2010-11-20 13:24:33 345088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.apeha.ru
mLocal Page = C:\Windows\SysWOW64\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
Trusted Zone: army.mil\www.us
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

- - - - ORPHANS REMOVED - - - -

BHO-{0160CE27-16FC-470D-804F-FEABCD6886E6} - (no file)
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe




Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8197

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/19/2011 1:46:01 PM
mbam-log-2011-11-19 (13-46-01).txt

Scan type: Quick scan
Objects scanned: 190283
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FD0.exe (Backdoor.CycBot) -> Value: FD0.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#6 nasdaq

nasdaq
  • Malware Response Team
  • 40,182 posts
  • Location:Montreal, QC. Canada

Posted 20 November 2011 - 10:28 AM

Open notepad and copy/paste the text in the quote box below into it:

Folder::
C:\Users\Owner\AppData\Roaming\c44aaQH66WK7
C:\Users\Owner\AppData\Roaming\FQQJJ6dEK8fR9hX
C:\Users\Owner\AppData\Roaming\FmmmH55sWJ7ELgT
C:\Users\Owner\AppData\Roaming\GEEK88gRZ9hYwkV
C:\Users\Owner\AppData\Roaming\HrrzzONtxA0uS2b
C:\Users\Owner\AppData\Roaming\AFF44pmmG5QJ7E8
C:\Users\Owner\AppData\Roaming\GhTTXwwjUV
C:\Users\Owner\AppData\Roaming\KlllOBttxPycSiD
C:\Users\Owner\AppData\Roaming\eRRRL9hhTXjUClB
C:\Users\Owner\AppData\Roaming\e88ffRZ9hYXwUVl
C:\Users\Owner\AppData\Roaming\AVVVelOOBtP0ySi
C:\Users\Owner\AppData\Roaming\jJJJ7fEEL9
C:\Users\Owner\AppData\Roaming\gLL9hhTXwjUClIt
C:\Users\Owner\AppData\Roaming\bgTTXXqjYCekBrO
C:\Users\Owner\AppData\Roaming\JYYYXwjjU
C:\Users\Owner\AppData\Roaming\AUUVVellIBzP0c1
C:\Users\Owner\AppData\Roaming\gtxxPP0ucS2iD3
C:\Users\Owner\AppData\Roaming\evvvS22obF4mGsQ
C:\Users\Owner\AppData\Roaming\HKK88fRZ9hT
C:\Users\Owner\AppData\Roaming\hwwwkUUVr
C:\Users\Owner\AppData\Roaming\JkIIBBrzONyx
C:\Users\Owner\AppData\Roaming\jAAA1ivvD3
C:\Users\Owner\AppData\Roaming\B66ddEK88R
C:\Users\Owner\AppData\Roaming\jEEEL8ggTZjYCkV
C:\Users\Owner\AppData\Roaming\EqjjUCCekIBzPyx
C:\Users\Owner\AppData\Roaming\gcccS11ivD3nGam
C:\Users\Owner\AppData\Roaming\AAA00uvS2obFpm5
C:\Users\Owner\AppData\Roaming\HYYCCekIBrzOyx1
C:\Users\Owner\AppData\Roaming\dLL88gTZqhYC
C:\Users\Owner\AppData\Roaming\BL9gTXqjUeIrPyA
C:\Users\Owner\AppData\Roaming\bL9gTXqjUeIrPy
C:\Users\Owner\AppData\Roaming\JnF4amH6sJfLgZj
C:\Users\Owner\AppData\Roaming\gK8fRL9hTwUeItP
C:\Users\Owner\AppData\Roaming\hTXqjUCekBzNx1v
C:\Users\Owner\AppData\Roaming\eYXwjUVelBz0c1
C:\Users\Owner\AppData\Roaming\AsWK7fEL9TqY
C:\Users\Owner\AppData\Roaming\DVelIBtzPyAiDo
C:\Users\Owner\AppData\Roaming\f3onG4aQHs
C:\Users\Owner\AppData\Roaming\i3onF4amHsJfLgZ
C:\Users\Owner\AppData\Roaming\F9hTXwjUClBzNc1
C:\Users\Owner\AppData\Roaming\C6dEK8fRZhXjVlB
C:\Users\Owner\AppData\Roaming\InG4aQH6d
C:\Users\Owner\AppData\Roaming\EuvD2onF4m
C:\Users\Owner\AppData\Roaming\gWK7fRL9gXj
C:\Users\Owner\AppData\Roaming\k6sWK7fELgXjCkB
C:\Users\Owner\AppData\Roaming\E6dWK8fRZhXjVlB
C:\Users\Owner\AppData\Roaming\JxA0uvS2iFpGaJd
C:\Users\Owner\AppData\Roaming\GvD2onF4pHsJdLg
C:\Users\Owner\AppData\Roaming\BS2obF4pm5
C:\Users\Owner\AppData\Roaming\h5aQJ6dWKfZh
C:\Users\Owner\AppData\Roaming\eG4aQH6sW7R9TqU
C:\Users\Owner\AppData\Roaming\aUVrlOBtx0c1b3n
C:\Users\Owner\AppData\Roaming\JamH6sWK7E9TqYe
C:\Users\Owner\AppData\Roaming\jRZ9hTXwjVlBz
C:\Users\Owner\AppData\Roaming\aYCekIVrzNx0v2b
C:\Users\Owner\AppData\Roaming\i2onF4amHs
C:\Users\Owner\AppData\Roaming\eBrzONyxAuSoFp
C:\Users\Owner\AppData\Roaming\kIBrzPNyc1v2n4
C:\Users\Owner\AppData\Roaming\isQJ6dEK8R9YwUe
C:\Users\Owner\AppData\Roaming\AxA0uvS2iFpGaJd
C:\Users\Owner\AppData\Roaming\cuvS2obF3m5Q6E8
C:\Users\Owner\AppData\Roaming\JbF3pnG5aJdKfZh
C:\Users\Owner\AppData\Roaming\FZqhYCwkUrOtPuS
C:\Users\Owner\AppData\Roaming\dP0ycS1ib
C:\Users\Owner\AppData\Roaming\AH5sWJ7fE8TqYwI
C:\Users\Owner\AppData\Roaming\DzONyxA0uSoFpGs
C:\Users\Owner\AppData\Roaming\aRZ9hTXwjVlBz
C:\Users\Owner\AppData\Roaming\GsWJ7fEL8TqYwIr
C:\Users\Owner\AppData\Roaming\FjYCekIVrOyA
C:\Users\Owner\AppData\Roaming\FaQH6dWK7R9TqUe
C:\Users\Owner\AppData\Roaming\bnG5aQJ6dKfZhXj
C:\Users\Owner\AppData\Roaming\jwkIVrzONx
C:\Users\Owner\AppData\Roaming\IxP0ucS1iDpG
C:\Users\Owner\AppData\Roaming\DcS1ivD3oGaHsKf
C:\Users\Owner\AppData\Roaming\fK7fRL9gTqUeIrP
C:\Users\Owner\AppData\Roaming\CbF4pmH5sJdLgZh
C:\Users\Owner\AppData\Roaming\aCelIBrzPyAuDoF
C:\Users\Owner\AppData\Roaming\HF4amH5sW7E8TqY
C:\Users\Owner\AppData\Roaming\jPNycA1uv2n4m5W
C:\Users\Owner\AppData\Roaming\awkIVrzONx
C:\Users\Owner\AppData\Roaming\c2obF4pmGsJdKgZ
C:\Users\Owner\AppData\Roaming\D0ucS2ibF3n5Q6
C:\Users\Owner\AppData\Roaming\cgRZqhYCwUrOtPu
C:\Users\Owner\AppData\Roaming\JzONyxA1uSoFpGs
C:\Users\Owner\AppData\Roaming\fjYCwkIVrOtAuSi
C:\Users\Owner\AppData\Roaming\g1uvD2onFpHsJdL
C:\Users\Owner\AppData\Roaming\epmG5sQJ6E8
C:\Users\Owner\AppData\Roaming\fUVrlOBtx0c1b3n
C:\Users\Owner\AppData\Roaming\a3pmG5sQJd
C:\Users\Owner\AppData\Roaming\gtxP0ycS1b3n4Q6
C:\Users\Owner\AppData\Roaming\AdWK7fRL9
C:\Users\Owner\AppData\Roaming\HfEL9gTXqYeIrOy
C:\Users\Owner\AppData\Roaming\g1ivD3onFaH
C:\Users\Owner\AppData\Roaming\kekIVrzONx0v2b
C:\Users\Owner\AppData\Roaming\akUVrlONtP
C:\Users\Owner\AppData\Roaming\B6dWK8fRZhXjVlB
C:\Users\Owner\AppData\Roaming\H1uvD2obFpHsJdL
C:\Users\Owner\AppData\Roaming\gL9hTXwjUeItPyA
C:\Users\Owner\AppData\Roaming\KlIBtzPNyAiDoFa
C:\Users\Owner\AppData\Roaming\bycA1ivD2n4
C:\Users\Owner\AppData\Roaming\gYXwjUVelBz0c1
C:\Users\Owner\AppData\Roaming\BZqhYXwkUrOtP
C:\Users\Owner\AppData\Roaming\gpmH5sWJ7E8TqYw
C:\Users\Owner\AppData\Roaming\BEL9gTXqjC
C:\Users\Owner\AppData\Roaming\eUCelIBrzPyAuDo
C:\Users\Owner\AppData\Roaming\BJ7dEK8gRqYwU
C:\Users\Owner\AppData\Roaming\fYCwkIVrzNx0v2b
C:\Users\Owner\AppData\Roaming\gaQH6dWK7R9
C:\Users\Owner\AppData\Roaming\DibF3pmG5Q6E8R9
C:\Users\Owner\AppData\Roaming\CD3pnG4aQ6W7R9T
C:\Users\Owner\AppData\Roaming\hrzPNycA1v2n4m5
C:\Users\Owner\AppData\Roaming\ClOBtxP0uSiDpG
C:\Users\Owner\AppData\Roaming\KhYXwjUVeOtPy
C:\Users\Owner\AppData\Roaming\GsQJ7dEK8RqYwUr
C:\Users\Owner\AppData\Roaming\JS2obF3pm5Q6
C:\Users\Owner\AppData\Roaming\B5aQJ6dWK8R9TwU
C:\Users\Owner\AppData\Roaming\fZqhYXwkUrOtP
C:\Users\Owner\AppData\Roaming\fEL9gTXqjC
C:\Users\Owner\AppData\Roaming\HpmG5QdKZhXjVlB

Driver::
Spooler32

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third-party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what problem persists.
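
As an added example (not ComboFix's own tooling and not part of nasdaq's procedure), a small Python triage helper that reads a ComboFix report like the one posted in #5, flags the burst of randomly named folders under AppData\Roaming and the UAC policy values set to 0 in the Reg Loading Points section, and assembles a CFScript in the Folder::/Driver::/Registry:: layout used in #6. The sample excerpt is constructed from lines of the log above, and the name heuristic in looks_random is an assumption of this example, not a ComboFix rule.

```python
"""Triage helper for a ComboFix report (added example for this thread; not
ComboFix's own code). It parses 'Files Created' lines and UAC policy values,
flags the burst of randomly named AppData\\Roaming folders, and emits a
CFScript for them in the layout used by the helper in this thread."""
import re
from datetime import datetime

# Constructed excerpt of the ComboFix log posted above (raw string, so the
# Windows paths need no escaping).
SAMPLE_LOG = r"""
2011-11-19 21:39:08 . 2011-11-19 21:39:08 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-19 21:39:05 . 2011-09-01 01:00:50 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-11-11 03:15:22 . 2011-11-11 03:15:22 -------- d-----w- C:\Users\Owner\AppData\Roaming\c44aaQH66WK7
2011-11-11 03:15:17 . 2011-11-11 03:15:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\FQQJJ6dEK8fR9hX
2011-11-11 03:15:05 . 2011-11-11 03:15:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\FmmmH55sWJ7ELgT
2011-11-11 02:51:45 . 2011-11-11 02:51:45 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# 'Files Created' line layout: created . modified size attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Policy value line under 'Reg Loading Points': "Name"= 0 (0x0)
POLICY_LINE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')
# A folder sitting directly under a user's AppData\Roaming
ROAMING = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming\\([^\\]+)$", re.IGNORECASE)
# These UAC values mean 'off' (or 'elevate without prompting') when set to 0
UAC_ZERO_MEANS_OFF = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")


def looks_random(name):
    """Heuristic (an assumption of this example) for the generated folder names
    in the log: 9-16 alphanumerics, both letter cases and a digit present, and
    frequent case/digit switches, which real product folder names rarely show."""
    if not 9 <= len(name) <= 16 or not name.isalnum():
        return False
    has = (any(c.isupper() for c in name), any(c.islower() for c in name),
           any(c.isdigit() for c in name))
    if not all(has):
        return False
    classes = ["d" if c.isdigit() else "u" if c.isupper() else "l" for c in name]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return switches >= 4


def triage(log_text):
    """Return the suspicious Roaming folders (oldest first), the number of
    seconds over which they were created, and UAC values found set to 0."""
    folders, uac_off = [], []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            r = ROAMING.match(m["path"])
            if m["attrs"].startswith("d") and r and looks_random(r.group(1)):
                created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M:%S")
                folders.append((created, m["path"]))
            continue
        p = POLICY_LINE.match(line)
        if p and p["name"] in UAC_ZERO_MEANS_OFF and int(p["value"]) == 0:
            uac_off.append(p["name"])
    folders.sort()
    span = int((folders[-1][0] - folders[0][0]).total_seconds()) if folders else 0
    return {"suspicious_folders": [path for _, path in folders],
            "burst_span_seconds": span,
            "uac_disabled": uac_off}


def build_cfscript(folders, drivers=(), run_values=()):
    """Assemble a CFScript in the layout used in this thread: a Folder:: block,
    an optional Driver:: block, and an optional Registry:: block that removes
    values ("name"=-) from the HKLM Run key."""
    out = ["Folder::", *folders]
    if drivers:
        out += ["", "Driver::", *drivers]
    if run_values:
        out += ["", "Registry::",
                r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"]
        out += [f'"{name}"=-' for name in run_values]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{len(result['suspicious_folders'])} suspicious folders created within "
          f"{result['burst_span_seconds']} s; UAC values at 0: {result['uac_disabled']}")
    print(build_cfscript(result["suspicious_folders"],
                         drivers=["Spooler32"], run_values=["combofix"]))
```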

#7 armygreen

armygreen
  • Topic Starter
  • Members
  • 51 posts

Posted 20 November 2011 - 02:56 PM

When I insert a CD/DVD into my computer and the auto-play pops up, it only gives me the options to view it as pictures or open the folder. The actual auto-play option is gone. I know how to go into the folder and use auto-play from there, but it's still annoying. I thought this might have something to do with not re-enabling my CD Emulator Drivers with Defogger, so I used that, but it didn't fix anything.


ComboFix 11-11-19.04 - Owner 11/20/2011 9:21.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4093.2294 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\a3pmG5sQJd
c:\users\Owner\AppData\Roaming\AAA00uvS2obFpm5
c:\users\Owner\AppData\Roaming\aCelIBrzPyAuDoF
c:\users\Owner\AppData\Roaming\AdWK7fRL9
c:\users\Owner\AppData\Roaming\AFF44pmmG5QJ7E8
c:\users\Owner\AppData\Roaming\AH5sWJ7fE8TqYwI
c:\users\Owner\AppData\Roaming\akUVrlONtP
c:\users\Owner\AppData\Roaming\aRZ9hTXwjVlBz
c:\users\Owner\AppData\Roaming\AsWK7fEL9TqY
c:\users\Owner\AppData\Roaming\AUUVVellIBzP0c1
c:\users\Owner\AppData\Roaming\aUVrlOBtx0c1b3n
c:\users\Owner\AppData\Roaming\AVVVelOOBtP0ySi
c:\users\Owner\AppData\Roaming\awkIVrzONx
c:\users\Owner\AppData\Roaming\AxA0uvS2iFpGaJd
c:\users\Owner\AppData\Roaming\aYCekIVrzNx0v2b
c:\users\Owner\AppData\Roaming\B5aQJ6dWK8R9TwU
c:\users\Owner\AppData\Roaming\B66ddEK88R
c:\users\Owner\AppData\Roaming\B6dWK8fRZhXjVlB
c:\users\Owner\AppData\Roaming\BEL9gTXqjC
c:\users\Owner\AppData\Roaming\bgTTXXqjYCekBrO
c:\users\Owner\AppData\Roaming\BJ7dEK8gRqYwU
c:\users\Owner\AppData\Roaming\bL9gTXqjUeIrPy
c:\users\Owner\AppData\Roaming\BL9gTXqjUeIrPyA
c:\users\Owner\AppData\Roaming\bnG5aQJ6dKfZhXj
c:\users\Owner\AppData\Roaming\BS2obF4pm5
c:\users\Owner\AppData\Roaming\bycA1ivD2n4
c:\users\Owner\AppData\Roaming\BZqhYXwkUrOtP
c:\users\Owner\AppData\Roaming\c2obF4pmGsJdKgZ
c:\users\Owner\AppData\Roaming\c44aaQH66WK7
c:\users\Owner\AppData\Roaming\C6dEK8fRZhXjVlB
c:\users\Owner\AppData\Roaming\CbF4pmH5sJdLgZh
c:\users\Owner\AppData\Roaming\CD3pnG4aQ6W7R9T
c:\users\Owner\AppData\Roaming\cgRZqhYCwUrOtPu
c:\users\Owner\AppData\Roaming\ClOBtxP0uSiDpG
c:\users\Owner\AppData\Roaming\cuvS2obF3m5Q6E8
c:\users\Owner\AppData\Roaming\D0ucS2ibF3n5Q6
c:\users\Owner\AppData\Roaming\DcS1ivD3oGaHsKf
c:\users\Owner\AppData\Roaming\DibF3pmG5Q6E8R9
c:\users\Owner\AppData\Roaming\dLL88gTZqhYC
c:\users\Owner\AppData\Roaming\dP0ycS1ib
c:\users\Owner\AppData\Roaming\DVelIBtzPyAiDo
c:\users\Owner\AppData\Roaming\DzONyxA0uSoFpGs
c:\users\Owner\AppData\Roaming\E6dWK8fRZhXjVlB
c:\users\Owner\AppData\Roaming\e88ffRZ9hYXwUVl
c:\users\Owner\AppData\Roaming\eBrzONyxAuSoFp
c:\users\Owner\AppData\Roaming\eG4aQH6sW7R9TqU
c:\users\Owner\AppData\Roaming\epmG5sQJ6E8
c:\users\Owner\AppData\Roaming\EqjjUCCekIBzPyx
c:\users\Owner\AppData\Roaming\eRRRL9hhTXjUClB
c:\users\Owner\AppData\Roaming\eUCelIBrzPyAuDo
c:\users\Owner\AppData\Roaming\EuvD2onF4m
c:\users\Owner\AppData\Roaming\evvvS22obF4mGsQ
c:\users\Owner\AppData\Roaming\eYXwjUVelBz0c1
c:\users\Owner\AppData\Roaming\f3onG4aQHs
c:\users\Owner\AppData\Roaming\F9hTXwjUClBzNc1
c:\users\Owner\AppData\Roaming\FaQH6dWK7R9TqUe
c:\users\Owner\AppData\Roaming\fEL9gTXqjC
c:\users\Owner\AppData\Roaming\FjYCekIVrOyA
c:\users\Owner\AppData\Roaming\fjYCwkIVrOtAuSi
c:\users\Owner\AppData\Roaming\fK7fRL9gTqUeIrP
c:\users\Owner\AppData\Roaming\FmmmH55sWJ7ELgT
c:\users\Owner\AppData\Roaming\FQQJJ6dEK8fR9hX
c:\users\Owner\AppData\Roaming\fUVrlOBtx0c1b3n
c:\users\Owner\AppData\Roaming\fYCwkIVrzNx0v2b
c:\users\Owner\AppData\Roaming\FZqhYCwkUrOtPuS
c:\users\Owner\AppData\Roaming\fZqhYXwkUrOtP
c:\users\Owner\AppData\Roaming\g1ivD3onFaH
c:\users\Owner\AppData\Roaming\g1uvD2onFpHsJdL
c:\users\Owner\AppData\Roaming\gaQH6dWK7R9
c:\users\Owner\AppData\Roaming\gcccS11ivD3nGam
c:\users\Owner\AppData\Roaming\GEEK88gRZ9hYwkV
c:\users\Owner\AppData\Roaming\GhTTXwwjUV
c:\users\Owner\AppData\Roaming\gK8fRL9hTwUeItP
c:\users\Owner\AppData\Roaming\gL9hTXwjUeItPyA
c:\users\Owner\AppData\Roaming\gLL9hhTXwjUClIt
c:\users\Owner\AppData\Roaming\gpmH5sWJ7E8TqYw
c:\users\Owner\AppData\Roaming\GsQJ7dEK8RqYwUr
c:\users\Owner\AppData\Roaming\GsWJ7fEL8TqYwIr
c:\users\Owner\AppData\Roaming\gtxP0ycS1b3n4Q6
c:\users\Owner\AppData\Roaming\gtxxPP0ucS2iD3
c:\users\Owner\AppData\Roaming\GvD2onF4pHsJdLg
c:\users\Owner\AppData\Roaming\gWK7fRL9gXj
c:\users\Owner\AppData\Roaming\gYXwjUVelBz0c1
c:\users\Owner\AppData\Roaming\H1uvD2obFpHsJdL
c:\users\Owner\AppData\Roaming\h5aQJ6dWKfZh
c:\users\Owner\AppData\Roaming\HF4amH5sW7E8TqY
c:\users\Owner\AppData\Roaming\HfEL9gTXqYeIrOy
c:\users\Owner\AppData\Roaming\HKK88fRZ9hT
c:\users\Owner\AppData\Roaming\HpmG5QdKZhXjVlB
c:\users\Owner\AppData\Roaming\HrrzzONtxA0uS2b
c:\users\Owner\AppData\Roaming\hrzPNycA1v2n4m5
c:\users\Owner\AppData\Roaming\hTXqjUCekBzNx1v
c:\users\Owner\AppData\Roaming\hwwwkUUVr
c:\users\Owner\AppData\Roaming\HYYCCekIBrzOyx1
c:\users\Owner\AppData\Roaming\i2onF4amHs
c:\users\Owner\AppData\Roaming\i3onF4amHsJfLgZ
c:\users\Owner\AppData\Roaming\InG4aQH6d
c:\users\Owner\AppData\Roaming\isQJ6dEK8R9YwUe
c:\users\Owner\AppData\Roaming\IxP0ucS1iDpG
c:\users\Owner\AppData\Roaming\jAAA1ivvD3
c:\users\Owner\AppData\Roaming\JamH6sWK7E9TqYe
c:\users\Owner\AppData\Roaming\JbF3pnG5aJdKfZh
c:\users\Owner\AppData\Roaming\jEEEL8ggTZjYCkV
c:\users\Owner\AppData\Roaming\jJJJ7fEEL9
c:\users\Owner\AppData\Roaming\JkIIBBrzONyx
c:\users\Owner\AppData\Roaming\JnF4amH6sJfLgZj
c:\users\Owner\AppData\Roaming\jPNycA1uv2n4m5W
c:\users\Owner\AppData\Roaming\jRZ9hTXwjVlBz
c:\users\Owner\AppData\Roaming\JS2obF3pm5Q6
c:\users\Owner\AppData\Roaming\jwkIVrzONx
c:\users\Owner\AppData\Roaming\JxA0uvS2iFpGaJd
c:\users\Owner\AppData\Roaming\JYYYXwjjU
c:\users\Owner\AppData\Roaming\JzONyxA1uSoFpGs
c:\users\Owner\AppData\Roaming\k6sWK7fELgXjCkB
c:\users\Owner\AppData\Roaming\kekIVrzONx0v2b
c:\users\Owner\AppData\Roaming\KhYXwjUVeOtPy
c:\users\Owner\AppData\Roaming\kIBrzPNyc1v2n4
c:\users\Owner\AppData\Roaming\KlIBtzPNyAiDoFa
c:\users\Owner\AppData\Roaming\KlllOBttxPycSiD
c:\windows\TEMP\GuardGuard.exe
.
---- Previous Run -------
.
c:\program files (x86)\LP\6F60\2151.tmp
c:\program files (x86)\LP\6F60\2E9.tmp
c:\program files (x86)\LP\6F60\7E7A.tmp
c:\program files (x86)\LP\6F60\CD51.tmp
c:\program files (x86)\LP\6F60\EBA1.exe
c:\program files (x86)\LP\6F60\EBA1.tmp
c:\program files (x86)\LP\6F60\F483.tmp
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\extensions\{1c7e764f-de66-4335-a088-3a8e70ec81d5}\chrome.manifest
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\extensions\{1c7e764f-de66-4335-a088-3a8e70ec81d5}\chrome\xulcache.jar
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\extensions\{1c7e764f-de66-4335-a088-3a8e70ec81d5}\defaults\preferences\xulcache.js
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\extensions\{1c7e764f-de66-4335-a088-3a8e70ec81d5}\install.rdf
c:\windows\favicon.ico
c:\windows\TEMP\GuardGuard.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
-------\Service_COMSysApp
-------\Service_Spooler32
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-20 17:42 . 2011-11-20 17:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-20 17:42 . 2011-11-20 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 16:42 . 2011-11-20 16:42 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-11-20 16:08 . 2011-11-20 16:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-20 07:02 . 2011-11-20 07:02 -------- d-----w- c:\users\Owner\AppData\Local\Secunia PSI
2011-11-20 07:02 . 2011-11-20 07:02 -------- d-----w- c:\program files (x86)\Secunia
2011-11-19 21:39 . 2011-11-19 21:39 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-11-19 21:39 . 2011-11-19 21:39 -------- d-----w- c:\programdata\Malwarebytes
2011-11-19 21:39 . 2011-11-19 21:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-19 21:39 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\tBBtzzPNycA1v
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\ZTTTXqqjYCeIBzO
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\QOOOBttxP0uS1bD
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\Y0yycAA1ivDon4a
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\weeekIIBrz
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\OccSS2ibb3
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\OBBrrzPNyc
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\wxxPP0yycSibDoG
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\OHHH5sQQJ7EL8Rq
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\kppmmH5sWJ7dL8T
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\xaaaQHH6dWK
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\ldEEKK8gRZ9hXwU
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\XjjjUVVelIBzPyc
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\veeelOBBtx
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\YiibbD33on4aQ
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\m555aQQJ6d
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\VyyycA11iv2on4m
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\ZWWK77fRL
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\ZNNttxP0u
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\kwwkkIVrzONtA0v
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\YzPPNyycA1uD2nF
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\skkUUVrlOBtx0uS
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\nwwwjUVVelBt
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\SllOONtxP0uc2iD
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\yggTTXqjUCekBrP
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\rSS11ivD3
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\ZA00uuvS2ibF
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\nBBBrzzPNyc1uD2
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\xtttzP00yc1iv3n
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\xH6sWJ7fE9TqYeI
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\O8fRL9hTXjClBzN
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\lIBtzPNyc1v2
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\VucS1ibD3
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\rNycA1uvDoFp
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\oA1uvD2ob4m
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\pXwjUCelItPyAiD
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\NWK7fEL9gXjCkBz
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\LhTXwjUVeItPyAi
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\lobF3pmG5
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\nD2onF4am5W7E8T
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Z4pmH5sQJdLg
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\unF4amH6sJfLgZj
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\yucS2ibD3n5Q6W8
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\opmG5aQJ6E8R9Yw
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\RQH6dWK8fLhXjCl
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\pBrzPNycAuDoFpH
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\ZRL9gTXqj
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\qdEL8gRZqYwU
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\srzONtxA0v2b3m5
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\Z7dEK8gRZ
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\zjYCekIVrOyAuSo
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\xrlONtxA0c2b3n5
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\m2obF4pmHsJdLgZ
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\yfEL8gTZqYwIrO
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Z8gRZqhYC
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\zkIBrzONyAuSoFp
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\qmG5sQJ7dKgZhXk
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\pG5aQJ6dE
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\zL8gTZqhYwIrOtA
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\qBtzP0ycS
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\w1uvD2onFp
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\pQJ7dEK8gZhX
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\T3pnG5aQHdKfLhX
2011-11-11 03:04 . 2011-11-11 03:04 -------- d-----w- c:\users\Owner\AppData\Roaming\WhTXwjUVeItPyAi
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\XlIBtzP0yA
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\LWK7fRL9gXj
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ujYCekIVrOyA
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\XNycA1ivDo
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\pzPNyxA1uDoFpHs
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\QamH6sWK7E9TqYe
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\KonF4pmH5W7E8
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\lgTZqjYCe
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\V4pmH5sQJdLg
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\upmG5sQJ6E8R9Yw
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\YEL8gTZqjCkVzNx
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\PZ9hTXwjUeItPy
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\yNtxP0ucSiDpGa
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\z3pmG5aQJdKfZhX
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\qUCelIBtzNc1v2n
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\OEL8gTZqhCkVlNx
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\zobF4pmH5Q
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\WK8gRZ9hYwUe
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\ZgTZqjYCwIrOtAu
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\skUVrlONtPuSiDp
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\XyxA1uvD2b
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\YkIVrzONyAuSoFp
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\rNyxA1uvD
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\ZtzP0ycS1v3n4m6
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\t4aQH6dWKf
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\NP0ycS1iv3n
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\RhTXqjUCeIrPyA
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\ugTZqjYCe
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\lXqjUCekIBzN
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\V8fRZ9hYXjVlBz0
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\wCwkUVrlOtPuSiD
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\t6dWK8fRLhXjClB
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\n5aQJ6dEKfZhXjV
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\PBtzP0ycAiD
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\W0ycS1ibDoGaHsK
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\L3onF4amHsJfLg
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\ldWK8fRL9TwU
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\ytxP0ycS1b3n4Q6
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\zvS2ibF3pGaJdKf
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\L2ibD3pnGaHdKf
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\WBrzPNycAuDoFpH
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\P0ycS1ivDoGaHsK
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\x5aQJ6dEKfZhXjV
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\tjUVelOBtP
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\vA1ivD2on4m5W7E
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\ZwkUVrlOBx0c1b3
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\lgTZqhYCwIrOtAu
2011-11-11 02:57 . 2011-11-11 02:57 -------- d-----w- c:\users\Owner\AppData\Roaming\q1ivD3onFaHsJfL
2011-11-11 02:57 . 2011-11-11 02:57 -------- d-----w- c:\users\Owner\AppData\Roaming\zvS2obF4pG
2011-11-11 02:57 . 2011-11-11 02:57 -------- d-----w- c:\users\Owner\AppData\Roaming\ygTZqjYCwIr
2011-11-11 02:57 . 2011-11-11 02:57 -------- d-----w- c:\users\Owner\AppData\Roaming\xYXwkUVelBx0c1b
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 16:18 . 2011-05-28 19:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-20 16:08 . 2010-08-29 20:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-01 05:24 . 2011-10-12 05:06 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 05:06 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 05:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 05:06 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 05:06 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 05:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 07:05 . 2011-08-31 07:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 07:05 . 2011-08-31 07:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 07:05 . 2011-08-31 07:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 07:05 . 2011-08-31 07:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-27 05:37 . 2011-10-12 05:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 05:05 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 05:05 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-12 05:05 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-19_22.07.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-20 17:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-11 21:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-20 17:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-20 16:15 . 2011-11-20 16:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011112020111121\index.dat
+ 2009-07-14 04:54 . 2011-11-20 17:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-20 16:15 . 2011-11-20 16:15 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2010-04-02 13:24 . 2011-11-20 16:47 49616 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-20 16:47 28864 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-11 21:53 28864 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-02 13:24 . 2011-11-20 16:47 13252 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-774079642-1090894910-588817499-1001_UserData.bin
+ 2010-09-01 08:30 . 2010-09-01 08:30 17976 c:\windows\system32\drivers\psi_mf.sys
+ 2010-04-03 04:00 . 2011-11-20 16:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-03 04:00 . 2011-11-11 22:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-03 04:00 . 2011-11-11 22:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-03 04:00 . 2011-11-20 16:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-20 16:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-11 22:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-11-20 16:56 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-11-19 22:07 . 2011-11-19 22:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-20 17:44 . 2011-11-20 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-20 17:44 . 2011-11-20 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-19 22:07 . 2011-11-19 22:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-20 16:15 . 2011-11-20 16:15 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2011-11-20 16:18 . 2011-11-20 16:18 243360 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10y_ActiveX.exe
+ 2011-11-20 16:18 . 2011-11-20 16:18 328864 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10y_ActiveX.dll
+ 2011-11-20 16:08 . 2011-11-20 16:08 157472 c:\windows\SysWOW64\javaws.exe
- 2010-12-10 02:10 . 2010-09-15 12:50 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-11-20 16:08 . 2011-11-20 16:08 145184 c:\windows\SysWOW64\javaw.exe
- 2010-12-10 02:10 . 2010-09-15 12:50 145184 c:\windows\SysWOW64\java.exe
+ 2011-11-20 16:08 . 2011-11-20 16:08 145184 c:\windows\SysWOW64\java.exe
+ 2010-08-18 22:28 . 2011-11-20 16:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-08-18 22:28 . 2011-11-11 21:50 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-20 16:15 . 2011-10-05 17:52 170400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Solid State Networks\Host.e29ba4097ee7b6332e12f6205f0f4e7ec4036b62\launcher.dll
+ 2011-11-20 16:15 . 2011-10-05 17:52 525728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Solid State Networks\Host.e29ba4097ee7b6332e12f6205f0f4e7ec4036b62\downloader.dll
+ 2009-07-14 02:36 . 2011-11-19 22:14 626844 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-19 19:09 626844 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-19 19:09 107160 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-19 22:14 107160 c:\windows\system32\perfc009.dat
+ 2010-04-03 04:41 . 2011-11-20 16:42 530488 c:\windows\system32\drivers\sptd.sys
- 2009-07-14 05:01 . 2011-11-19 22:05 391096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-20 17:43 391096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-20 16:43 . 2011-11-20 16:43 391864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-11-20 16:08 . 2011-11-20 16:08 207360 c:\windows\Installer\3e0f9c1.msi
+ 2011-11-20 16:07 . 2011-11-20 16:07 907264 c:\windows\Installer\3e0f9b3.msi
+ 2010-01-27 01:07 . 2011-11-20 16:15 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
- 2009-07-14 04:45 . 2011-11-10 00:36 7111602 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-11-19 22:15 7111602 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-09-26 06:46 . 2011-11-20 17:43 31342816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-774079642-1090894910-588817499-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AHNSD"="c:\program files (x86)\AhnLab\Smart Update Utility\AhnSD.exe" [2010-01-14 223976]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Guard.Mail.ru.gui"="c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe" [2011-06-06 1472720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R3 AhnFlt2k;AhnFlt2k;c:\windows\system32\Drivers\AhnFlt2k.sys [x]
R3 AhnRec2k;AhnRec2k;c:\windows\system32\Drivers\AhnRec2k.sys [x]
R3 AhnRghNt;AhnRghNt;c:\windows\system32\Drivers\AhnRghNt.sys [x]
R3 ATamptNt_V3IS2007;ATamptNt_V3IS2007;c:\progra~1\AhnLab\V3IS2007\ATamptNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\Drivers\Capt931a.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AhnLab Task Scheduler;AhnLab Task Scheduler;c:\program files (x86)\AhnLab\Smart Update Utility\AhnSDsv.exe [2010-01-14 174824]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-02-22 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2011-06-06 1472720]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 11:00]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 11:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-22 2837256]
"combofix"="c:\combofix\CF10810.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.apeha.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files (x86)\Mail.Ru\Agent\magent.exe
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
Trusted Zone: army.mil\www.us
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0160CE27-16FC-470D-804F-FEABCD6886E6} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-774079642-1090894910-588817499-1001)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\photoviewer.dll"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-774079642-1090894910-588817499-1001)
@Denied: (2) (LocalSystem)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:83,75,35,c3,7c,df,1f,05,18,72,e4,b5,e1,1c,71,bb,ca,0b,63,a0,e4,8f,5c,
b9,4e,ad,df,6c,5e,b5,76,f5,cf,71,4d,22,f5,00,60,b6,b6,be,9c,fa,a7,92,d7,55,\
"??"=hex:d3,97,9e,81,1d,ee,3f,ef,2b,01,93,91,a8,9e,b9,5e
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\SecuROM\License information*]
"datasecu"=hex:a6,22,13,a3,25,e8,55,07,ed,af,ea,26,61,f5,e6,46,75,a5,36,90,a7,
59,cd,b3,ae,5d,c8,89,79,d7,9a,4b,ce,21,02,85,b1,c3,ef,e2,fa,15,6a,c8,74,95,\
"rkeysecu"=hex:4c,34,44,6b,e3,e1,24,50,de,30,b9,4e,f1,12,fd,03
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\TEMP\GuardGuard.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2011-11-20 10:03:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 18:03
.
Pre-Run: 172,770,377,728 bytes free
Post-Run: 172,859,527,168 bytes free
.
- - End Of File - - 69A862F3C74DEA217792437AD6EF91A9
Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 29
Adobe Flash Player 11.1.102.55
Adobe Reader 9 (Adobe Reader out of date!)
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Edited by armygreen, 20 November 2011 - 07:03 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 PM

Posted 21 November 2011 - 08:51 AM

When I insert a CD/DVD into my computer and the auto-play pops up, it only gives me the options to view it as pictures or open the folder. The actual auto-play option is gone. I know how to go into the folder and use auto-play from there, but it's still annoying.


The autorun/autoplay feature, when enabled, causes one of two things to happen depending on previously made choices.

1. When a cd-rom or dvd is inserted, or a usb device (camera, flashdrive, external hard drive, etc) is attached, Windows will open a message window that provides a list of actions to take based on the content of the device or media.

2. If on a prior occasion of the message window the user selected to always perform the same action with certain types of media/device, there will be no message window opened upon detection of the media/device. Instead, it will automatically run the previously selected program or execute the same behavior.

Example: with autorun/autoplay enabled you insert a music cd. Windows will detect the cd and its contents, then open a message window that might offer to play the cd with Media Player, Music Match Jukebox, or any of many applications you may or may not have installed.
Insert a Movie DVD and Windows might prompt you to view it with Power DVD, Media Player, etc.

Example: with autorun/autoplay enabled and on a previous prompt for action the box was checked to always apply the same action, Windows might automatically open Roxio CD Creator or Nero Burning ROM when a blank cd is inserted.

Plug in a usb camera and Windows might open or prompt you to use the Scanner and Camera Transfer Wizard to transfer the pictures to your computer.

Plug in a flash drive and Windows might open or prompt you to use Windows Explorer to browse the contents of the flash drive. It may also just execute an infection residing on the flash drive, thereby infecting your computer.

Insert a game cd or software cd, and Windows might automatically begin the installation setup.

Malware authors have begun to exploit the autorun/autoplay feature, so the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, configured ComboFix to disable it. Many security apps disable it as well, and even Microsoft recommends disabling it. Disabling autorun/autoplay does not prevent you from accessing those media sources. They are still available by opening My Computer and accessing the source drive (cd, dvd, usb flash or external hard drive). Pictures on a camera can still be accessed/transferred through My Pictures and selecting Get Pictures from a Scanner or Camera. Media can also be accessed via the program you intend to use it with, such as music cds accessed via Media Player, blank cds via your burning program, image handling software provided with the camera, etc. I do recommend you leave the feature disabled and get into the habit of accessing those media devices manually; however, I will send you via PM the information required to re-enable the autoplay feature should you decide to do so.

Please note that future versions of ComboFix will not run, if needed, after this registry fix has been applied.

===

The ComboFix tool was updated yesterday.
Delete your current version. Download and run the new one.

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the "Include in your download" box at the top right; it is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please post the ComboFix log and let me know what problem persists.
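
As an added check that is not part of this thread or of ComboFix, the PowerShell audit below reads the NoDriveTypeAutoRun policy value that Windows consults when deciding whether AutoRun is disabled, so the state of the feature can be confirmed rather than taken on trust. It assumes a Windows 7 or later host with read access to the Explorer policy keys; the function name Get-AutoRunPolicyStatus is my own.

```powershell
# Added audit example (not from the thread or ComboFix). It reports, per hive,
# whether AutoRun is disabled through the NoDriveTypeAutoRun policy. The
# machine-wide (HKLM) value applies to every user; the HKCU value refines it.
function Get-AutoRunPolicyStatus {
    $policyKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )

    foreach ($key in $policyKeys) {
        $value = $null
        if (Test-Path -Path $key) {
            $item = Get-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = [int]$item.NoDriveTypeAutoRun }
        }

        # Each bit of NoDriveTypeAutoRun disables AutoRun for one drive type:
        # 0x04 = removable drives (USB sticks), 0x10 = network drives,
        # 0x20 = CD-ROM/DVD. 0xFF sets every bit, i.e. AutoRun off everywhere.
        $removableOff = ($null -ne $value) -and (($value -band 0x04) -ne 0)
        $opticalOff   = ($null -ne $value) -and (($value -band 0x20) -ne 0)
        $allOff       = ($null -ne $value) -and (($value -band 0xFF) -eq 0xFF)

        if ($null -eq $value) { $display = 'not set' } else { $display = '0x{0:X2}' -f $value }

        [pscustomobject]@{
            Hive               = $key.Substring(0, 4)
            NoDriveTypeAutoRun = $display
            RemovableDisabled  = $removableOff
            OpticalDisabled    = $opticalOff
            AllDrivesDisabled  = $allOff
        }
    }
}

# Print the audit; a host where AutoRun has been fully disabled shows
# AllDrivesDisabled = True for the HKLM row.
Get-AutoRunPolicyStatus | Format-Table -AutoSize
```

A missing value does not mean AutoRun is on for every drive type, since Windows applies its own built-in default in that case; the script only tells you what policy has been explicitly set.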

#9 armygreen

armygreen
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 21 November 2011 - 10:41 PM

Ok, I'll do as you suggest and just leave the auto-play off. I installed the new Adobe. I have not noticed any more issues, and as a matter of fact, Windows loads faster and is ready to use sooner than it has been in a long time. Here is the ComboFix log:
ComboFix 11-11-21.01 - Owner 11/21/2011 19:21:27.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4093.2514 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\Documents\D&D\Dungeons & Dragons\Eberron\Desktop_.ini
c:\windows\TEMP\GuardGuard.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 03:31 . 2011-11-22 03:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-22 03:31 . 2011-11-22 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 03:14 . 2011-11-22 03:15 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-11-20 20:44 . 2011-11-20 20:44 -------- d-----w- c:\program files\ESET
2011-11-20 16:42 . 2011-11-20 16:42 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-11-20 16:08 . 2011-11-20 16:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-20 07:02 . 2011-11-20 07:02 -------- d-----w- c:\users\Owner\AppData\Local\Secunia PSI
2011-11-20 07:02 . 2011-11-20 07:02 -------- d-----w- c:\program files (x86)\Secunia
2011-11-19 21:39 . 2011-11-19 21:39 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-11-19 21:39 . 2011-11-19 21:39 -------- d-----w- c:\programdata\Malwarebytes
2011-11-19 21:39 . 2011-11-19 21:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-19 21:39 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\tBBtzzPNycA1v
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\ZTTTXqqjYCeIBzO
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\QOOOBttxP0uS1bD
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\Y0yycAA1ivDon4a
2011-11-11 03:15 . 2011-11-11 03:15 -------- d-----w- c:\users\Owner\AppData\Roaming\weeekIIBrz
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\OccSS2ibb3
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\OBBrrzPNyc
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\wxxPP0yycSibDoG
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\OHHH5sQQJ7EL8Rq
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\kppmmH5sWJ7dL8T
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\xaaaQHH6dWK
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\ldEEKK8gRZ9hXwU
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\XjjjUVVelIBzPyc
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\veeelOBBtx
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\YiibbD33on4aQ
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\m555aQQJ6d
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\VyyycA11iv2on4m
2011-11-11 03:13 . 2011-11-11 03:13 -------- d-----w- c:\users\Owner\AppData\Roaming\ZWWK77fRL
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\ZNNttxP0u
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\kwwkkIVrzONtA0v
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\YzPPNyycA1uD2nF
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\skkUUVrlOBtx0uS
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\nwwwjUVVelBt
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\SllOONtxP0uc2iD
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\yggTTXqjUCekBrP
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\rSS11ivD3
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\ZA00uuvS2ibF
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\nBBBrzzPNyc1uD2
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\xtttzP00yc1iv3n
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\xH6sWJ7fE9TqYeI
2011-11-11 03:11 . 2011-11-11 03:11 -------- d-----w- c:\users\Owner\AppData\Roaming\O8fRL9hTXjClBzN
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\lIBtzPNyc1v2
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\VucS1ibD3
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\rNycA1uvDoFp
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\oA1uvD2ob4m
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\pXwjUCelItPyAiD
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\NWK7fEL9gXjCkBz
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\LhTXwjUVeItPyAi
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\lobF3pmG5
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\nD2onF4am5W7E8T
2011-11-11 03:09 . 2011-11-11 03:09 -------- d-----w- c:\users\Owner\AppData\Roaming\Z4pmH5sQJdLg
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\unF4amH6sJfLgZj
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\yucS2ibD3n5Q6W8
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\opmG5aQJ6E8R9Yw
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\RQH6dWK8fLhXjCl
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\pBrzPNycAuDoFpH
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\ZRL9gTXqj
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\qdEL8gRZqYwU
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\srzONtxA0v2b3m5
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\Z7dEK8gRZ
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\zjYCekIVrOyAuSo
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\xrlONtxA0c2b3n5
2011-11-11 03:07 . 2011-11-11 03:07 -------- d-----w- c:\users\Owner\AppData\Roaming\m2obF4pmHsJdLgZ
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\yfEL8gTZqYwIrO
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Z8gRZqhYC
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\zkIBrzONyAuSoFp
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\qmG5sQJ7dKgZhXk
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\pG5aQJ6dE
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\zL8gTZqhYwIrOtA
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\qBtzP0ycS
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\w1uvD2onFp
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\pQJ7dEK8gZhX
2011-11-11 03:06 . 2011-11-11 03:06 -------- d-----w- c:\users\Owner\AppData\Roaming\T3pnG5aQHdKfLhX
2011-11-11 03:04 . 2011-11-11 03:04 -------- d-----w- c:\users\Owner\AppData\Roaming\WhTXwjUVeItPyAi
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\XlIBtzP0yA
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\LWK7fRL9gXj
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ujYCekIVrOyA
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\XNycA1ivDo
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\pzPNyxA1uDoFpHs
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\QamH6sWK7E9TqYe
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\KonF4pmH5W7E8
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\lgTZqjYCe
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\V4pmH5sQJdLg
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\upmG5sQJ6E8R9Yw
2011-11-11 03:03 . 2011-11-11 03:03 -------- d-----w- c:\users\Owner\AppData\Roaming\YEL8gTZqjCkVzNx
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\PZ9hTXwjUeItPy
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\yNtxP0ucSiDpGa
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\z3pmG5aQJdKfZhX
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\qUCelIBtzNc1v2n
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\OEL8gTZqhCkVlNx
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\zobF4pmH5Q
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\WK8gRZ9hYwUe
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\ZgTZqjYCwIrOtAu
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\skUVrlONtPuSiDp
2011-11-11 03:01 . 2011-11-11 03:01 -------- d-----w- c:\users\Owner\AppData\Roaming\XyxA1uvD2b
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\YkIVrzONyAuSoFp
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\rNyxA1uvD
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\ZtzP0ycS1v3n4m6
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\t4aQH6dWKf
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\NP0ycS1iv3n
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\RhTXqjUCeIrPyA
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\ugTZqjYCe
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\lXqjUCekIBzN
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\V8fRZ9hYXjVlBz0
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\wCwkUVrlOtPuSiD
2011-11-11 03:00 . 2011-11-11 03:00 -------- d-----w- c:\users\Owner\AppData\Roaming\t6dWK8fRLhXjClB
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\n5aQJ6dEKfZhXjV
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\PBtzP0ycAiD
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\W0ycS1ibDoGaHsK
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\L3onF4amHsJfLg
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\ldWK8fRL9TwU
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\ytxP0ycS1b3n4Q6
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\zvS2ibF3pGaJdKf
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\L2ibD3pnGaHdKf
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\WBrzPNycAuDoFpH
2011-11-11 02:59 . 2011-11-11 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\P0ycS1ivDoGaHsK
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\x5aQJ6dEKfZhXjV
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\tjUVelOBtP
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\vA1ivD2on4m5W7E
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\ZwkUVrlOBx0c1b3
2011-11-11 02:58 . 2011-11-11 02:58 -------- d-----w- c:\users\Owner\AppData\Roaming\lgTZqhYCwIrOtAu
2011-11-11 02:57 . 2011-11-11 02:57 -------- d-----w- c:\users\Owner\AppData\Roaming\q1ivD3onFaHsJfL
2011-11-11 02:57 . 2011-11-11 02:57 -------- d-----w- c:\users\Owner\AppData\Roaming\zvS2obF4pG
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 16:42 . 2010-04-03 04:41 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-20 16:18 . 2011-05-28 19:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-20 16:08 . 2010-08-29 20:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-01 05:24 . 2011-10-12 05:06 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 05:06 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 05:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 05:06 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 05:06 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 05:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 07:05 . 2011-08-31 07:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 07:05 . 2011-08-31 07:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 07:05 . 2011-08-31 07:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 07:05 . 2011-08-31 07:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-27 05:37 . 2011-10-12 05:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 05:05 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 05:05 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-12 05:05 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-22_03.05.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-22 03:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-22 03:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-22 03:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-22 03:05 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-22 03:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-22 03:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 13:24 . 2011-11-22 03:09 51080 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-22 03:09 29048 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-02 13:24 . 2011-11-22 03:09 13482 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-774079642-1090894910-588817499-1001_UserData.bin
- 2010-04-03 04:00 . 2011-11-21 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-03 04:00 . 2011-11-22 03:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-03 04:00 . 2011-11-22 03:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-03 04:00 . 2011-11-21 03:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-22 03:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-21 03:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 20:55 . 2011-06-06 20:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 20:55 . 2011-06-06 20:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 20:55 . 2011-06-06 20:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 20:55 . 2011-06-06 20:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 20:55 . 2011-06-06 20:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 20:55 . 2011-06-06 20:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
- 2011-11-22 03:04 . 2011-11-22 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-22 03:32 . 2011-11-22 03:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-22 03:32 . 2011-11-22 03:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-22 03:04 . 2011-11-22 03:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-18 22:28 . 2011-11-22 03:05 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-08-18 22:28 . 2011-11-22 02:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-11-22 03:03 391096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-22 03:31 391096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-06 20:55 . 2011-06-06 20:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 20:55 . 2011-06-06 20:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\91772.msi
+ 2011-06-06 20:55 . 2011-06-06 20:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 20:55 . 2011-06-06 20:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 20:55 . 2011-06-06 20:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2010-09-26 06:46 . 2011-11-22 03:31 31395549 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-774079642-1090894910-588817499-1001-12288.dat
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\91773.msp
+ 2011-06-06 20:55 . 2011-06-06 20:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AHNSD"="c:\program files (x86)\AhnLab\Smart Update Utility\AhnSD.exe" [2010-01-14 223976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Guard.Mail.ru.gui"="c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe" [2011-06-06 1472720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R3 AhnFlt2k;AhnFlt2k;c:\windows\system32\Drivers\AhnFlt2k.sys [x]
R3 AhnRec2k;AhnRec2k;c:\windows\system32\Drivers\AhnRec2k.sys [x]
R3 AhnRghNt;AhnRghNt;c:\windows\system32\Drivers\AhnRghNt.sys [x]
R3 ATamptNt_V3IS2007;ATamptNt_V3IS2007;c:\progra~1\AhnLab\V3IS2007\ATamptNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R3 SQ931;Zoom 2.0 Webcam;c:\windows\system32\Drivers\Capt931a.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AhnLab Task Scheduler;AhnLab Task Scheduler;c:\program files (x86)\AhnLab\Smart Update Utility\AhnSDsv.exe [2010-01-14 174824]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Mail.Ru\Guard\GuardMailRu.exe [2011-06-06 1472720]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 11:00]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 11:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.apeha.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files (x86)\Mail.Ru\Agent\magent.exe
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
Trusted Zone: army.mil\www.us
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ix47aemq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0160CE27-16FC-470D-804F-FEABCD6886E6} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-774079642-1090894910-588817499-1001)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\photoviewer.dll"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-774079642-1090894910-588817499-1001)
@Denied: (2) (LocalSystem)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raw"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:83,75,35,c3,7c,df,1f,05,18,72,e4,b5,e1,1c,71,bb,ca,0b,63,a0,e4,8f,5c,
b9,4e,ad,df,6c,5e,b5,76,f5,cf,71,4d,22,f5,00,60,b6,b6,be,9c,fa,a7,92,d7,55,\
"??"=hex:d3,97,9e,81,1d,ee,3f,ef,2b,01,93,91,a8,9e,b9,5e
.
[HKEY_USERS\S-1-5-21-774079642-1090894910-588817499-1001\Software\SecuROM\License information*]
"datasecu"=hex:a6,22,13,a3,25,e8,55,07,ed,af,ea,26,61,f5,e6,46,75,a5,36,90,a7,
59,cd,b3,ae,5d,c8,89,79,d7,9a,4b,ce,21,02,85,b1,c3,ef,e2,fa,15,6a,c8,74,95,\
"rkeysecu"=hex:4c,34,44,6b,e3,e1,24,50,de,30,b9,4e,f1,12,fd,03
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\TEMP\GuardGuard.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2011-11-21 19:39:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-22 03:39
ComboFix2.txt 2011-11-22 03:10
ComboFix3.txt 2011-11-20 18:03
.
Pre-Run: 173,681,885,184 bytes free
Post-Run: 173,643,284,480 bytes free
.
- - End Of File - - 394FF8427D8127B73762D193A23955C3

#10 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 November 2011 - 10:10 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===
