
Am I infected


This topic is locked
18 replies to this topic

#1 dadcruise86

  • Members
  • 12 posts

Posted 07 December 2011 - 09:23 PM

Here is the log file from Combofix

ComboFix 11-12-06.02 - Matthew 12/07/2011 20:21:30.8.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2265 [GMT -5:00]
Running from: c:\users\Matthew\Desktop\ComboFixed.exe
AV: Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthew\AppData\Local\ejy.exe
.
c:\windows\SysWow64\kernel32.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 02:09 . 2011-12-08 02:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-08 02:09 . 2011-12-08 02:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-08 02:09 . 2011-12-08 02:09 -------- d-----w- c:\users\AppData\AppData\Local\temp
2011-12-02 00:33 . 2011-12-02 00:33 -------- d-----w- c:\users\Matthew\AppData\Roaming\Template
2011-12-02 00:25 . 2011-12-08 02:09 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2011-11-23 04:50 . 2011-11-23 04:50 -------- d-----w- c:\users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
2011-11-23 04:50 . 2011-11-23 04:50 -------- d-----w- c:\programdata\!SASCORE
2011-11-23 04:50 . 2011-11-23 04:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-23 03:22 . 2011-11-23 03:22 -------- d-----w- c:\users\Matthew\AppData\Roaming\KTTTZZqhYCwkVrO
2011-11-23 03:22 . 2011-11-23 03:22 -------- d-----w- c:\users\Matthew\AppData\Roaming\fGGG44amH6sW7fL
2011-11-23 03:22 . 2011-11-23 03:22 -------- d-----w- c:\users\Matthew\AppData\Roaming\hUUVVrllOBtP0cS
2011-11-23 03:22 . 2011-11-23 04:45 -------- d-----w- c:\users\Matthew\AppData\Roaming\31E38
2011-11-23 03:22 . 2011-11-23 03:42 -------- d-----w- c:\users\Matthew\AppData\Roaming\tBPcvo45J7EKR
2011-11-23 03:22 . 2011-11-23 03:22 -------- d-----w- c:\users\Matthew\AppData\Roaming\JnnnF44amH5W
2011-11-23 03:22 . 2011-11-23 03:22 -------- d-----w- c:\users\Matthew\AppData\Roaming\UellIBBtzPNyA1v
2011-11-23 03:20 . 2011-11-23 03:21 -------- d-----w- c:\users\Matthew\AppData\Roaming\WVrrzONtAc2iD3n
2011-11-23 03:20 . 2011-11-23 03:20 -------- d-----w- c:\users\Matthew\AppData\Roaming\S6ddWK7fRL9gXjC
2011-11-18 22:39 . 2011-11-18 22:39 -------- d-----w- c:\users\Matthew\AppData\Roaming\mNNNyxxA0uvSi
2011-11-18 22:39 . 2011-11-18 22:39 -------- d-----w- c:\users\Matthew\AppData\Roaming\lekkIIBrz
2011-11-18 22:39 . 2011-11-18 22:39 -------- d-----w- c:\users\Matthew\AppData\Roaming\bjCCwkIIVrO
2011-11-18 22:39 . 2011-11-23 03:29 -------- d-----w- c:\users\Matthew\AppData\Roaming\eNNNyxxAuv2oF3
2011-11-18 22:39 . 2011-11-18 22:39 -------- d-----w- c:\users\Matthew\AppData\Roaming\SvvD2obF45sQ6dK
2011-11-13 04:46 . 2011-11-13 04:46 -------- d-----w- c:\users\Matthew\AppData\Roaming\W8fRZhYXw
2011-11-13 04:46 . 2011-11-13 04:46 -------- d-----w- c:\users\Matthew\AppData\Roaming\lIBzycA1uDoFpGs
2011-11-13 04:13 . 2011-11-13 04:13 -------- d-----w- c:\users\Matthew\AppData\Roaming\aA6dEK8fR9TwUeI
2011-11-13 04:13 . 2011-11-13 04:13 -------- d-----w- c:\users\Matthew\AppData\Roaming\EdEK8gRZ9YwUeIt
2011-11-13 04:06 . 2011-11-23 04:43 -------- d-----w- c:\program files (x86)\38B06
2011-11-13 02:47 . 2011-11-13 02:47 102400 ----a-w- c:\users\Matthew\AppData\Roaming\Microsoft\CBC3\E40F.tmp
2011-11-13 02:47 . 2011-11-23 04:45 -------- d-----w- c:\users\Matthew\AppData\Roaming\38B06
2011-11-13 02:47 . 2011-11-13 02:47 -------- d-----w- c:\users\Matthew\AppData\Roaming\TD22obbF4pG5Q6d
2011-11-13 02:47 . 2011-11-13 02:47 -------- d-----w- c:\users\Matthew\AppData\Roaming\YlIItzPNyc
2011-11-13 02:47 . 2011-11-13 02:47 -------- d-----w- c:\users\Matthew\AppData\Roaming\VUUeBz4s9
2011-11-13 02:47 . 2011-11-13 14:06 -------- d-----w- c:\users\Matthew\AppData\Roaming\L888gTTZqhY
2011-11-13 02:47 . 2011-11-13 02:47 -------- d-----w- c:\users\Matthew\AppData\Roaming\sPP0uS11ibD
2011-11-11 04:46 . 2011-10-18 19:29 28760 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-11-09 23:52 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 23:52 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 23:52 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 23:52 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 23:52 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 23:52 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 04:21 . 2011-06-11 15:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 18:16 . 2010-10-11 19:25 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16 . 2010-10-11 19:24 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 18:16 . 2010-10-11 19:24 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16 . 2010-10-11 19:24 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 18:16 . 2010-10-11 19:24 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 18:16 . 2010-10-11 19:24 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16 . 2010-10-11 19:24 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16 . 2010-10-11 19:24 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16 . 2010-10-11 19:24 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-09-30 23:25 . 2011-10-14 23:37 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:21 . 2011-10-14 23:37 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:21 . 2011-10-14 23:37 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:20 . 2011-10-14 23:37 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:20 . 2011-10-14 23:37 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:06 . 2011-10-14 23:37 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-30 23:02 . 2011-10-14 23:37 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-30 23:01 . 2011-10-14 23:37 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-30 23:01 . 2011-10-14 23:37 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-30 23:01 . 2011-10-14 23:37 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-30 22:29 . 2011-10-14 23:37 479232 ----a-w- c:\windows\system32\html.iec
2011-09-30 22:07 . 2011-10-14 23:37 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-09-30 21:48 . 2011-10-14 23:37 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:47 . 2011-10-14 23:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 21:29 . 2011-10-14 23:37 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-30 21:28 . 2011-10-14 23:37 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-15 01:29 . 2011-09-15 01:29 18944 ----a-r- c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-09-15 01:29 . 2011-09-15 01:29 11264 ----a-r- c:\users\Matthew\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Matthew\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-29 5464448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"VerizonServicepoint.exe"="c:\program files (x86)\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
R4 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/05 09:36];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 02:04 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-03 365952]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\windows\Tasks\Driver Robot.job
- c:\program files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe [2010-05-05 21:29]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 14:01]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 14:01]
.
2011-12-08 c:\windows\Tasks\Reg Tool Startup.job
- c:\program files (x86)\Reg Tool\Reg Tool.exe [2009-11-23 17:49]
.
2011-12-08 c:\windows\Tasks\User_Feed_Synchronization-{F9AE37A1-703A-4142-A2D9-0DEDDD7756DB}.job
- c:\windows\system32\msfeedssync.exe [2011-10-14 21:29]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:63232
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook64.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\mj4arz0f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 63232
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 63232
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63232
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 63232
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 63232
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Matthew\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
HKLM-Run-PC MightyMax 2011 Tray Icon - c:\program files (x86)\PC MightyMax 2011\TrayIcon.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-12-07 21:14:50
ComboFix-quarantined-files.txt 2011-12-08 02:14
ComboFix2.txt 2011-12-02 00:25
ComboFix3.txt 2011-11-18 23:12
ComboFix4.txt 2011-11-13 05:20
ComboFix5.txt 2011-12-08 01:16
.
Pre-Run: 117,669,916,672 bytes free
Post-Run: 117,653,811,200 bytes free
.
- - End Of File - - AA510AE7E0FD42CC6C3F84BC48CFC481

Edited by boopme, 07 December 2011 - 10:32 PM.




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 11 December 2011 - 02:29 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and will make the cleaning process faster.


The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:
    • logs from OTL
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dadcruise86

  • Topic Starter
  • Members
  • 12 posts

Posted 13 December 2011 - 10:03 PM

OTL logfile created on: 12/13/2011 21:47:38 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matthew\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 55.46% Memory free
7.68 Gb Paging File | 5.79 Gb Available in Paging File | 75.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.00 Gb Total Space | 109.03 Gb Free Space | 38.26% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 2.04 Gb Free Space | 15.57% Space Free | Partition Type: NTFS

Computer Name: MATTHEW-PC | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Matthew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon)
PRC - C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Verizon\VSP\Windows7Features.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV:64bit: - (dlbc_device) -- C:\Windows\SysNative\dlbccoms.exe ( )
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServicepointService) -- C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found


IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63232

IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63232



IE - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63232

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 63232
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 63232
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63232
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 63232
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 63232
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matthew\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matthew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/10 19:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/14 22:15:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 22:15:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Matthew\AppData\Roaming\Move Networks [2010/01/09 10:43:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A8A595F2-B875-4DC7-AC82-F5C6E1395726}: C:\Users\Matthew\AppData\Local\{A8A595F2-B875-4DC7-AC82-F5C6E1395726}

[2010/04/06 15:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2011/12/09 15:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\mj4arz0f.default\extensions
[2011/06/21 15:53:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\mj4arz0f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/17 21:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/17 21:59:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/10 19:00:26 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010/01/09 10:43:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MATTHEW\APPDATA\ROAMING\MOVE NETWORKS
[2011/04/14 13:08:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: SiteAdvisor = C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\

O1 HOSTS File: ([2011/12/08 18:43:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111110234619.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111110234619.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [PC MightyMax 2011 Tray Icon] "C:\Program Files (x86)\PC MightyMax 2011\TrayIcon.exe" File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000..\Run: [Akamai NetSession Interface] C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{358F4E12-0663-4A67-B307-026930C1B97E}: DhcpNameServer = 192.168.1.1 71.242.0.12
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 21:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2011/12/13 21:45:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
[2011/12/12 07:43:23 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\photographs
[2011/12/08 19:16:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/08 18:46:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/08 18:46:21 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\temp
[2011/12/08 18:26:30 | 000,000,000 | ---D | C] -- C:\ComboFixed
[2011/12/08 00:08:36 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Student Teaching
[2011/12/01 19:41:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Documents\My Projects
[2011/12/01 19:33:49 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Template
[2011/12/01 19:08:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/01 19:08:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/01 19:08:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/22 23:50:30 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/22 23:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/22 23:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/11/22 23:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/22 22:22:33 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\KTTTZZqhYCwkVrO
[2011/11/22 22:22:33 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\fGGG44amH6sW7fL
[2011/11/22 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\hUUVVrllOBtP0cS
[2011/11/22 22:22:27 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\31E38
[2011/11/22 22:22:25 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\tBPcvo45J7EKR
[2011/11/22 22:22:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\JnnnF44amH5W
[2011/11/22 22:22:20 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\UellIBBtzPNyA1v
[2011/11/22 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\WVrrzONtAc2iD3n
[2011/11/22 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\S6ddWK7fRL9gXjC
[2011/11/18 17:39:10 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\mNNNyxxA0uvSi
[2011/11/18 17:39:10 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\lekkIIBrz
[2011/11/18 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\bjCCwkIIVrO
[2011/11/18 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\SvvD2obF45sQ6dK
[2011/11/18 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\eNNNyxxAuv2oF3
[2011/11/18 17:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/05/04 20:28:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdainpa.dll
[2010/05/04 20:28:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaiesc.dll
[2010/05/04 20:28:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdapmui.dll
[2010/05/04 20:28:27 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdausb1.dll
[2010/05/04 20:28:26 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaserv.dll
[2010/05/04 20:28:26 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaprox.dll
[2010/05/04 20:28:25 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdappls.exe
[2010/05/04 20:28:25 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdapplc.dll
[2010/05/04 20:28:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdahbn3.dll
[2010/05/04 20:28:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdalmpm.dll
[2010/05/04 20:28:24 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaih.exe
[2010/05/04 20:28:23 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacoms.exe
[2010/05/04 20:28:22 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacomm.dll
[2010/05/04 20:28:21 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacomc.dll
[2010/05/04 20:28:21 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacfg.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 21:46:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
[2011/12/13 21:42:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/13 21:42:50 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\Reg Tool Startup.job
[2011/12/13 21:42:47 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 21:42:46 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 21:42:37 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMatthew.job
[2011/12/13 21:42:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/13 21:42:26 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 21:41:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/13 21:06:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 20:21:30 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F9AE37A1-703A-4142-A2D9-0DEDDD7756DB}.job
[2011/12/12 15:35:05 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/12 15:35:05 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/12 15:35:05 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/08 18:43:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/08 00:05:19 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/07 20:14:47 | 004,331,784 | R--- | M] (Swearware) -- C:\Users\Matthew\Desktop\ComboFixed.exe
[2011/12/07 20:12:01 | 000,008,476 | -HS- | M] () -- C:\Users\Matthew\AppData\Local\855168y7r243g510g801n3taf3k8
[2011/12/07 20:12:01 | 000,008,476 | -HS- | M] () -- C:\ProgramData\855168y7r243g510g801n3taf3k8
[2011/12/01 19:41:44 | 000,000,004 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\wklnhst.dat
[2011/12/01 18:57:23 | 000,010,728 | -HS- | M] () -- C:\Users\Matthew\AppData\Local\0244py2ts202a383on6uyu3m022hn5u8b48x5
[2011/12/01 18:57:23 | 000,010,728 | -HS- | M] () -- C:\ProgramData\0244py2ts202a383on6uyu3m022hn5u8b48x5
[2011/11/24 23:21:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/22 23:50:21 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/22 22:28:43 | 000,001,797 | ---- | M] () -- C:\Users\Matthew\Desktop\PC MightyMax 2011.lnk
[2011/11/18 17:23:04 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/12 21:20:00 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMatthew.job
[2011/12/08 18:54:35 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/06 17:12:41 | 000,008,476 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\855168y7r243g510g801n3taf3k8
[2011/12/06 17:12:41 | 000,008,476 | -HS- | C] () -- C:\ProgramData\855168y7r243g510g801n3taf3k8
[2011/12/01 19:33:41 | 000,000,004 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\wklnhst.dat
[2011/12/01 19:08:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 19:08:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 19:08:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 19:08:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 19:08:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/01 18:34:33 | 000,010,728 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\0244py2ts202a383on6uyu3m022hn5u8b48x5
[2011/12/01 18:34:33 | 000,010,728 | -HS- | C] () -- C:\ProgramData\0244py2ts202a383on6uyu3m022hn5u8b48x5
[2011/11/22 23:50:21 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/18 17:23:04 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/17 17:02:00 | 000,011,184 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\0p5p561hma
[2011/06/17 17:02:00 | 000,011,184 | -HS- | C] () -- C:\ProgramData\0p5p561hma
[2011/06/14 17:12:30 | 000,009,810 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\5v2622g0y4yi4d3y2re0yqo425p8738364r4f5n384gliy7
[2011/06/14 17:12:30 | 000,009,810 | -HS- | C] () -- C:\ProgramData\5v2622g0y4yi4d3y2re0yqo425p8738364r4f5n384gliy7
[2011/06/02 15:10:00 | 000,010,298 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\xrm18qj0cd35y3625x7x2jiavwuol
[2011/06/02 15:10:00 | 000,010,298 | -HS- | C] () -- C:\ProgramData\xrm18qj0cd35y3625x7x2jiavwuol
[2011/05/19 16:13:53 | 000,000,120 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Tyocelapelepix.dat
[2011/05/19 16:13:53 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Etatogajek.bin
[2011/04/14 21:47:02 | 000,000,691 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\GetValue.vbs
[2011/04/14 21:47:02 | 000,000,035 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\SetValue.bat
[2011/03/06 21:03:57 | 000,011,216 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\3501362225
[2011/03/06 21:03:57 | 000,011,216 | -HS- | C] () -- C:\ProgramData\3501362225
[2011/02/05 15:09:04 | 000,000,732 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps64.dat
[2010/08/31 16:31:58 | 000,000,680 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps.dat
[2010/05/19 21:35:05 | 000,068,977 | ---- | C] () -- C:\Users\Matthew\AppData\Local\tmp23917_LARGE.JPG
[2010/05/19 21:34:51 | 000,015,237 | ---- | C] () -- C:\Users\Matthew\AppData\Local\tmp23917_LARGE_navi.JPG
[2010/05/19 21:34:48 | 000,098,989 | ---- | C] () -- C:\Users\Matthew\AppData\Local\tmp23917_LARGE.0
[2010/05/04 20:28:32 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXDAinst.dll
[2010/05/04 20:28:30 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxdautil.dll
[2010/03/16 16:21:51 | 000,008,498 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\857s34XEOqW2g
[2010/03/16 16:21:51 | 000,008,498 | -HS- | C] () -- C:\ProgramData\857s34XEOqW2g
[2010/03/16 16:01:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/16 15:15:59 | 000,001,410 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\EAvy
[2010/03/16 15:15:59 | 000,001,410 | -HS- | C] () -- C:\ProgramData\EAvy
[2009/10/20 14:19:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/20 14:18:44 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/10/20 14:17:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/11 19:36:23 | 000,000,039 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\AVSMediaPlayer.m3u
[2009/10/11 19:34:24 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/10/11 19:34:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/04/28 16:41:12 | 000,000,103 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/04/18 01:16:53 | 000,107,520 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/05 12:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/19 23:55:47 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/19 22:48:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/12/10 08:28:16 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

< >

< >

========== Files - Unicode (All) ==========
[2009/04/17 18:20:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\???????????????????????4???????????????????????) -- C:\Windows\SysWow64\㩃停潲牧浡䘠汩獥⠠㡸⤶噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/04/17 18:20:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\???????????????????????4???????????????????????) -- C:\Windows\SysWow64\㩃停潲牧浡䘠汩獥⠠㡸⤶噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Matthew\Documents\Shareaza Downloads:Shareaza.GUID

< End of report >

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 December 2011 - 07:45 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [PC MightyMax 2011 Tray Icon] "C:\Program Files (x86)\PC MightyMax 2011\TrayIcon.exe" File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63232
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63232
    IE - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63232
    FF - prefs.js..network.proxy.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.ftp_port: 63232
    FF - prefs.js..network.proxy.gopher: "127.0.0.1"
    FF - prefs.js..network.proxy.gopher_port: 63232
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 63232
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 63232
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 63232
    [2011/11/22 22:22:33 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\KTTTZZqhYCwkVrO
    [2011/11/22 22:22:33 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\fGGG44amH6sW7fL
    [2011/11/22 22:22:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\hUUVVrllOBtP0cS
    [2011/11/22 22:22:27 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\31E38
    [2011/11/22 22:22:25 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\tBPcvo45J7EKR
    [2011/11/22 22:22:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\JnnnF44amH5W
    [2011/11/22 22:22:20 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\UellIBBtzPNyA1v
    [2011/11/22 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\WVrrzONtAc2iD3n
    [2011/11/22 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\S6ddWK7fRL9gXjC
    [2011/11/18 17:39:10 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\mNNNyxxA0uvSi
    [2011/11/18 17:39:10 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\lekkIIBrz
    [2011/11/18 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\bjCCwkIIVrO
    [2011/11/18 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\SvvD2obF45sQ6dK
    [2011/11/18 17:39:05 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\eNNNyxxAuv2oF3
    [2011/12/07 20:12:01 | 000,008,476 | -HS- | M] () -- C:\Users\Matthew\AppData\Local\855168y7r243g510g801n3taf3k8
    [2011/12/07 20:12:01 | 000,008,476 | -HS- | M] () -- C:\ProgramData\855168y7r243g510g801n3taf3k8
    [2011/12/01 18:57:23 | 000,010,728 | -HS- | M] () -- C:\Users\Matthew\AppData\Local\0244py2ts202a383on6uyu3m022hn5u8b48x5
    [2011/12/01 18:57:23 | 000,010,728 | -HS- | M] () -- C:\ProgramData\0244py2ts202a383on6uyu3m022hn5u8b48x5
    [2011/12/06 17:12:41 | 000,008,476 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\855168y7r243g510g801n3taf3k8
    [2011/12/06 17:12:41 | 000,008,476 | -HS- | C] () -- C:\ProgramData\855168y7r243g510g801n3taf3k8
    [2011/12/01 18:34:33 | 000,010,728 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\0244py2ts202a383on6uyu3m022hn5u8b48x5
    [2011/12/01 18:34:33 | 000,010,728 | -HS- | C] () -- C:\ProgramData\0244py2ts202a383on6uyu3m022hn5u8b48x5
    [2011/06/17 17:02:00 | 000,011,184 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\0p5p561hma
    [2011/06/17 17:02:00 | 000,011,184 | -HS- | C] () -- C:\ProgramData\0p5p561hma
    [2011/06/14 17:12:30 | 000,009,810 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\5v2622g0y4yi4d3y2re0yqo425p8738364r4f5n384gliy7
    [2011/06/14 17:12:30 | 000,009,810 | -HS- | C] () -- C:\ProgramData\5v2622g0y4yi4d3y2re0yqo425p8738364r4f5n384gliy7
    [2011/06/02 15:10:00 | 000,010,298 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\xrm18qj0cd35y3625x7x2jiavwuol
    [2011/06/02 15:10:00 | 000,010,298 | -HS- | C] () -- C:\ProgramData\xrm18qj0cd35y3625x7x2jiavwuol
    [2011/03/06 21:03:57 | 000,011,216 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\3501362225
    [2011/03/06 21:03:57 | 000,011,216 | -HS- | C] () -- C:\ProgramData\3501362225
    [2010/03/16 16:21:51 | 000,008,498 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\857s34XEOqW2g
    [2010/03/16 16:21:51 | 000,008,498 | -HS- | C] () -- C:\ProgramData\857s34XEOqW2g
    [2010/03/16 15:15:59 | 000,001,410 | -HS- | C] () -- C:\Users\Matthew\AppData\Local\EAvy
    [2010/03/16 15:15:59 | 000,001,410 | -HS- | C] () -- C:\ProgramData\EAvy
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
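
The fix script above removes two things at once: browser proxy settings that point every protocol at 127.0.0.1:63232 (IE registry values and Firefox prefs.js entries), and pairs of hidden+system (-HS-) files with random names that sit under both C:\ProgramData and the user's AppData\Local with identical sizes. A proxy aimed at a loopback port means something on the machine is in the browser's path, and the paired files are the kind of persistence artefacts OTL lists but does not flag on its own. As an added example (not part of this thread, OTL, or ComboFix), here is a small Python triage script that scans OTL-style log lines for exactly those two patterns. The sample lines are constructed from entries quoted in this thread; the regexes, the helper names, and the assumption that OTL file lines always follow the `[stamp | size | attrs | C/M] () -- path` layout are this example's own.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

Two detections, matching what the fix script in this thread removes:
  * browser proxy settings (IE "ProxyServer" values, Firefox network.proxy.*
    prefs) whose host is a loopback address, and
  * hidden+system (-HS-) files whose basename and size appear under both
    ProgramData and the user's AppData\\Local.
"""
import re
from collections import defaultdict

# Constructed sample input, modelled on the OTL output quoted in this thread.
SAMPLE_LINES = [
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63232',
    r'IE - HKU\S-1-5-21-1937645594-2378020060-2163045775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 63232',
    r'FF - prefs.js..network.proxy.share_proxy_settings: true',
    r'[2011/12/07 20:12:01 | 000,008,476 | -HS- | M] () -- C:\Users\Matthew\AppData\Local\855168y7r243g510g801n3taf3k8',
    r'[2011/12/07 20:12:01 | 000,008,476 | -HS- | M] () -- C:\ProgramData\855168y7r243g510g801n3taf3k8',
    r'[2011/02/05 15:09:04 | 000,000,732 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps64.dat',
    r'[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat',
]

# Assumed OTL file-line layout: [stamp | size | attrs | C|M] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*(?P<kind>[CM])\]'
    r'\s*(?:\(.*?\)\s*)?--\s*(?P<path>.+)$'
)
IE_PROXY_RE = re.compile(r'^IE - (?P<key>.+?): "ProxyServer" = (?P<value>.+)$')
FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<name>\w+): "?(?P<value>[^"]+)"?$')
LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}
FF_HOST_PREFS = ("http", "ssl", "ftp", "socks", "gopher")


def parse_file_entry(line):
    """Return (size_bytes, attrs, path) for an OTL file line, or None if it is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return int(m.group("size").replace(",", "")), m.group("attrs"), m.group("path").strip()


def _is_loopback(endpoint):
    # endpoint is "host" or "host:port"; IPv4/hostname only (IPv6 not handled here)
    host = endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint
    return host.strip().lower() in LOOPBACK_HOSTS


def find_loopback_proxies(lines):
    """Flag IE and Firefox proxy settings whose target host is loopback."""
    findings = []
    ff_prefs = {}
    for raw in lines:
        line = raw.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            # IE stores "host:port" or "scheme=host:port;scheme=host:port"
            for part in m.group("value").split(";"):
                endpoint = part.split("=", 1)[-1].strip()
                if endpoint and _is_loopback(endpoint):
                    findings.append({"source": "IE", "setting": m.group("key"), "endpoint": endpoint})
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            ff_prefs[m.group("name")] = m.group("value")
    # Firefox keeps host and port in separate prefs; join them for the report
    for name in FF_HOST_PREFS:
        host = ff_prefs.get(name)
        if host and _is_loopback(host):
            port = ff_prefs.get(name + "_port")
            endpoint = f"{host}:{port}" if port else host
            findings.append({"source": "Firefox", "setting": f"network.proxy.{name}", "endpoint": endpoint})
    return findings


def find_paired_hidden_files(lines):
    """Flag -HS- files whose (basename, size) occurs under both ProgramData and AppData\\Local."""
    groups = defaultdict(set)
    for raw in lines:
        entry = parse_file_entry(raw)
        if entry is None:
            continue
        size, attrs, path = entry
        if "H" not in attrs or "S" not in attrs:
            continue
        name = path.rsplit("\\", 1)[-1].lower()
        groups[(name, size)].add(path)
    findings = []
    for (name, size), paths in sorted(groups.items()):
        lowered = [p.lower() for p in paths]
        in_programdata = any("\\programdata\\" in p for p in lowered)
        in_appdata = any("\\appdata\\local\\" in p for p in lowered)
        if in_programdata and in_appdata:
            findings.append({"name": name, "size": size, "paths": sorted(paths)})
    return findings


def triage(lines):
    return {
        "loopback_proxies": find_loopback_proxies(lines),
        "paired_hidden_files": find_paired_hidden_files(lines),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LINES), indent=2))
```

Feed it a whole OTL log (one line per element) and it returns the findings as plain dicts, so the same checks can be run over the "Files - Modified" and "Files - Created" sections of the earlier log in this thread; a loopback proxy hit that survives after the fix, or a new paired -HS- file, is a sign the cleanup did not take.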

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 December 2011 - 02:56 AM

Hello


Just checking in on you. How are things going?

Gringo

#6 dadcruise86
  • Topic Starter

  • Members
  • 12 posts

Posted 19 December 2011 - 08:59 PM

So far so good. Still running a little slow, though.

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2011 - 12:35 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Information and logs

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#8 dadcruise86
  • Topic Starter

  • Members
  • 12 posts

Posted 21 December 2011 - 12:16 AM

ComboFix 11-12-20.04 - Matthew 12/20/2011 23:13:18.9.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2543 [GMT -5:00]
Running from: c:\users\Matthew\Desktop\ComboFix.exe
Command switches used :: c:\users\Matthew\Desktop\CFScript.txt
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\imm32.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 05:09 . 2011-12-21 05:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-21 05:09 . 2011-12-21 05:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 05:09 . 2011-12-21 05:09 -------- d-----w- c:\users\AppData\AppData\Local\temp
2011-12-21 02:03 . 2011-12-06 22:22 28760 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-12-15 20:57 . 2011-11-03 06:55 1147392 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 00:23 . 2011-12-15 00:23 -------- d-----w- C:\_OTL
2011-12-08 23:46 . 2011-12-21 05:09 -------- d-----w- c:\users\Matthew\AppData\Local\temp
2011-12-02 00:33 . 2011-12-02 00:33 -------- d-----w- c:\users\Matthew\AppData\Roaming\Template
2011-11-23 04:50 . 2011-11-23 04:50 -------- d-----w- c:\users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
2011-11-23 04:50 . 2011-11-23 04:50 -------- d-----w- c:\programdata\!SASCORE
2011-11-23 04:50 . 2011-11-23 04:50 -------- d-----w- c:\program files\SUPERAntiSpyware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 04:21 . 2011-06-11 15:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 18:16 . 2010-10-11 19:25 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16 . 2010-10-11 19:24 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 18:16 . 2010-10-11 19:24 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16 . 2010-10-11 19:24 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 18:16 . 2010-10-11 19:24 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 18:16 . 2010-10-11 19:24 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16 . 2010-10-11 19:24 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16 . 2010-10-11 19:24 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16 . 2010-10-11 19:24 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-08_02.09.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-15 20:57 . 2011-11-03 06:18 66560 c:\windows\SysWOW64\mshtmled.dll
- 2011-10-14 23:37 . 2011-09-30 23:02 66560 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-15 20:57 . 2011-11-03 04:44 13312 c:\windows\SysWOW64\msfeedssync.exe
- 2011-10-14 23:37 . 2011-09-30 21:29 13312 c:\windows\SysWOW64\msfeedssync.exe
- 2011-10-14 23:37 . 2011-09-30 23:02 55296 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-12-15 20:57 . 2011-11-03 06:18 55296 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-10-14 23:37 . 2011-09-30 23:06 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-15 20:58 . 2011-11-03 06:22 64512 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-15 20:57 . 2011-11-03 06:17 43520 c:\windows\SysWOW64\licmgr10.dll
- 2011-10-14 23:37 . 2011-09-30 23:02 43520 c:\windows\SysWOW64\licmgr10.dll
- 2011-10-14 23:37 . 2011-09-30 23:01 25600 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-15 20:58 . 2011-11-03 06:17 25600 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-15 20:57 . 2011-11-03 06:17 71680 c:\windows\SysWOW64\iesetup.dll
- 2011-10-14 23:37 . 2011-09-30 23:01 71680 c:\windows\SysWOW64\iesetup.dll
- 2011-10-14 23:37 . 2011-09-30 23:01 55808 c:\windows\SysWOW64\iernonce.dll
+ 2011-12-15 20:57 . 2011-11-03 06:17 55808 c:\windows\SysWOW64\iernonce.dll
+ 2008-01-21 03:20 . 2011-12-15 03:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-12-01 22:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-12-15 03:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-12-01 22:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-12-01 22:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-12-15 03:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-12-20 01:39 69750 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-17 23:57 . 2011-12-20 01:39 19662 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1937645594-2378020060-2163045775-1000_UserData.bin
- 2011-10-14 23:37 . 2011-09-30 23:21 96768 c:\windows\system32\mshtmled.dll
+ 2011-12-15 20:57 . 2011-11-03 06:50 96768 c:\windows\system32\mshtmled.dll
+ 2011-12-15 20:57 . 2011-11-03 05:11 12288 c:\windows\system32\msfeedssync.exe
- 2011-10-14 23:37 . 2011-09-30 21:47 12288 c:\windows\system32\msfeedssync.exe
+ 2011-12-15 20:57 . 2011-11-03 06:50 71680 c:\windows\system32\msfeedsbs.dll
- 2011-10-14 23:37 . 2011-09-30 23:21 71680 c:\windows\system32\msfeedsbs.dll
+ 2011-12-15 20:57 . 2011-11-03 06:55 93184 c:\windows\system32\migration\WininetPlugin.dll
- 2011-10-14 23:37 . 2011-09-30 23:25 93184 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-12-15 20:57 . 2011-11-03 06:50 56832 c:\windows\system32\licmgr10.dll
- 2011-10-14 23:37 . 2011-09-30 23:21 56832 c:\windows\system32\licmgr10.dll
- 2011-10-14 23:37 . 2011-09-30 23:21 31744 c:\windows\system32\jsproxy.dll
+ 2011-12-15 20:57 . 2011-11-03 06:50 31744 c:\windows\system32\jsproxy.dll
- 2011-10-14 23:37 . 2011-09-30 23:20 77312 c:\windows\system32\iesetup.dll
+ 2011-12-15 20:57 . 2011-11-03 06:49 77312 c:\windows\system32\iesetup.dll
+ 2011-12-15 20:57 . 2011-11-03 06:49 72192 c:\windows\system32\iernonce.dll
- 2011-10-14 23:37 . 2011-09-30 23:20 72192 c:\windows\system32\iernonce.dll
+ 2011-12-15 20:57 . 2011-11-03 05:11 70656 c:\windows\system32\ie4uinit.exe
- 2011-10-14 23:37 . 2011-09-30 21:47 70656 c:\windows\system32\ie4uinit.exe
+ 2011-05-21 04:14 . 2011-08-31 22:00 25416 c:\windows\system32\drivers\mbam.sys
+ 2011-12-15 20:58 . 2011-10-25 16:09 85504 c:\windows\system32\csrsrv.dll
- 2011-07-14 04:21 . 2011-04-20 15:58 85504 c:\windows\system32\csrsrv.dll
- 2009-04-17 22:44 . 2011-12-08 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-17 22:44 . 2011-12-21 02:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-17 22:44 . 2011-12-21 02:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-17 22:44 . 2011-12-08 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-17 22:44 . 2011-12-08 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-17 22:44 . 2011-12-21 02:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-08 23:04 . 2011-11-04 22:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-08 23:04 . 2011-12-21 02:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-08 23:04 . 2011-11-04 22:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-08 23:04 . 2011-12-21 02:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-08 23:04 . 2011-11-04 22:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-08 23:04 . 2011-12-21 02:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-29 20:07 . 2011-12-08 01:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-29 20:07 . 2011-12-20 01:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-29 20:07 . 2011-12-08 01:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 20:07 . 2011-12-20 01:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-15 20:58 . 2011-11-08 14:42 2048 c:\windows\SysWOW64\tzres.dll
- 2011-08-24 02:33 . 2011-07-11 13:25 2048 c:\windows\SysWOW64\tzres.dll
- 2011-08-24 02:33 . 2011-07-11 13:45 2048 c:\windows\system32\tzres.dll
+ 2011-12-15 20:58 . 2011-11-08 14:58 2048 c:\windows\system32\tzres.dll
- 2011-12-06 23:52 . 2011-12-08 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-20 01:23 . 2011-12-20 01:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-20 01:23 . 2011-12-20 01:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-06 23:52 . 2011-12-08 01:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-15 20:58 . 2011-11-03 06:22 916992 c:\windows\SysWOW64\wininet.dll
- 2011-10-14 23:37 . 2011-09-30 23:06 105984 c:\windows\SysWOW64\url.dll
+ 2011-12-15 20:58 . 2011-11-03 06:21 105984 c:\windows\SysWOW64\url.dll
- 2011-10-14 23:37 . 2011-09-30 23:04 206848 c:\windows\SysWOW64\occache.dll
+ 2011-12-15 20:57 . 2011-11-03 06:20 206848 c:\windows\SysWOW64\occache.dll
+ 2011-12-15 20:57 . 2011-11-03 06:18 611840 c:\windows\SysWOW64\mstime.dll
- 2011-10-14 23:37 . 2011-09-30 23:03 611840 c:\windows\SysWOW64\mstime.dll
- 2011-10-14 23:37 . 2011-09-30 23:02 602112 c:\windows\SysWOW64\msfeeds.dll
+ 2011-12-15 20:57 . 2011-11-03 06:18 602112 c:\windows\SysWOW64\msfeeds.dll
- 2011-10-14 23:37 . 2011-09-30 21:29 133632 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-12-15 20:57 . 2011-11-03 04:45 133632 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-12-15 20:57 . 2011-11-03 06:17 164352 c:\windows\SysWOW64\ieui.dll
- 2011-10-14 23:37 . 2011-09-30 23:01 164352 c:\windows\SysWOW64\ieui.dll
+ 2011-12-15 20:57 . 2011-11-03 06:17 109056 c:\windows\SysWOW64\iesysprep.dll
- 2011-10-14 23:37 . 2011-09-30 23:01 109056 c:\windows\SysWOW64\iesysprep.dll
+ 2011-12-15 20:57 . 2011-11-03 06:17 184320 c:\windows\SysWOW64\iepeers.dll
- 2011-10-14 23:37 . 2011-09-30 23:01 184320 c:\windows\SysWOW64\iepeers.dll
- 2011-10-14 23:37 . 2011-09-30 23:01 387584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-12-15 20:57 . 2011-11-03 06:17 387584 c:\windows\SysWOW64\iedkcs32.dll
- 2011-10-14 23:37 . 2011-09-30 21:29 174080 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-12-15 20:57 . 2011-11-03 04:45 174080 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-12-15 20:58 . 2011-10-14 16:02 429056 c:\windows\SysWOW64\EncDec.dll
- 2011-03-09 03:38 . 2010-12-29 18:28 429056 c:\windows\SysWOW64\EncDec.dll
+ 2009-04-18 02:15 . 2011-12-20 21:25 378248 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:45 . 2011-12-20 01:39 103134 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-15 20:57 . 2011-11-03 06:54 108032 c:\windows\system32\url.dll
- 2011-10-14 23:37 . 2011-09-30 23:25 108032 c:\windows\system32\url.dll
- 2006-11-02 12:46 . 2011-11-29 20:30 604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-12-15 21:45 604502 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-12-15 21:45 104170 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-11-29 20:30 104170 c:\windows\system32\perfc009.dat
- 2011-10-14 23:37 . 2011-09-30 23:23 243712 c:\windows\system32\occache.dll
+ 2011-12-15 20:57 . 2011-11-03 06:53 243712 c:\windows\system32\occache.dll
- 2011-10-14 23:37 . 2011-09-30 23:21 710656 c:\windows\system32\msfeeds.dll
+ 2011-12-15 20:57 . 2011-11-03 06:50 710656 c:\windows\system32\msfeeds.dll
- 2011-10-14 23:37 . 2011-09-30 21:48 162816 c:\windows\system32\ieUnatt.exe
+ 2011-12-15 20:57 . 2011-11-03 05:11 162816 c:\windows\system32\ieUnatt.exe
+ 2011-12-15 20:57 . 2011-11-03 06:49 219136 c:\windows\system32\ieui.dll
- 2011-10-14 23:37 . 2011-09-30 23:20 219136 c:\windows\system32\ieui.dll
- 2011-10-14 23:37 . 2011-09-30 23:20 132096 c:\windows\system32\iesysprep.dll
+ 2011-12-15 20:57 . 2011-11-03 06:49 132096 c:\windows\system32\iesysprep.dll
+ 2011-12-15 20:57 . 2011-11-03 06:49 252416 c:\windows\system32\iepeers.dll
- 2011-10-14 23:37 . 2011-09-30 23:20 252416 c:\windows\system32\iepeers.dll
- 2011-10-14 23:37 . 2011-09-30 23:20 459776 c:\windows\system32\iedkcs32.dll
+ 2011-12-15 20:57 . 2011-11-03 06:49 459776 c:\windows\system32\iedkcs32.dll
+ 2006-11-02 15:21 . 2011-12-16 08:25 393528 c:\windows\system32\FNTCACHE.DAT
- 2006-11-02 15:21 . 2011-10-15 20:16 393528 c:\windows\system32\FNTCACHE.DAT
- 2011-03-09 03:38 . 2010-12-29 19:01 559616 c:\windows\system32\EncDec.dll
+ 2011-12-15 20:58 . 2011-10-14 17:30 559616 c:\windows\system32\EncDec.dll
- 2009-03-05 18:18 . 2011-08-03 04:35 347480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-03-05 18:18 . 2011-12-14 02:41 347480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-09 14:19 . 2011-12-06 23:51 377860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-09 14:19 . 2011-12-17 04:03 377860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-12 22:02 . 2011-12-12 22:02 188416 c:\windows\Installer\204928c.msi
- 2011-10-14 23:37 . 2011-09-30 23:06 1212416 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-15 20:58 . 2011-11-03 06:21 1212416 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-15 20:58 . 2011-11-03 06:18 5978112 c:\windows\SysWOW64\mshtml.dll
+ 2011-12-15 20:58 . 2011-11-03 06:17 2000384 c:\windows\SysWOW64\iertutil.dll
- 2011-10-14 23:37 . 2011-09-30 23:01 2000384 c:\windows\SysWOW64\iertutil.dll
+ 2011-12-15 20:57 . 2011-11-23 13:57 2764800 c:\windows\system32\win32k.sys
- 2011-10-14 23:37 . 2011-09-30 23:25 1488384 c:\windows\system32\urlmon.dll
+ 2011-12-15 20:57 . 2011-11-03 06:55 1488384 c:\windows\system32\urlmon.dll
- 2011-10-14 23:37 . 2011-09-30 23:22 1062912 c:\windows\system32\mstime.dll
+ 2011-12-15 20:57 . 2011-11-03 06:51 1062912 c:\windows\system32\mstime.dll
+ 2011-12-15 20:58 . 2011-11-03 06:50 9292288 c:\windows\system32\mshtml.dll
- 2011-10-14 23:37 . 2011-09-30 23:20 2350592 c:\windows\system32\iertutil.dll
+ 2011-12-15 20:57 . 2011-11-03 06:49 2350592 c:\windows\system32\iertutil.dll
+ 2011-12-15 20:57 . 2011-11-03 06:17 11081728 c:\windows\SysWOW64\ieframe.dll
- 2011-10-14 23:37 . 2011-09-30 23:01 11081728 c:\windows\SysWOW64\ieframe.dll
- 2006-11-02 12:33 . 2011-11-11 18:18 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:33 . 2011-12-16 08:46 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:35 . 2011-12-16 08:04 54867776 c:\windows\system32\mrt.exe
+ 2011-12-15 20:58 . 2011-11-03 06:49 12476928 c:\windows\system32\ieframe.dll
- 2011-10-14 23:37 . 2011-09-30 23:20 12476928 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Matthew\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-29 5464448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"VerizonServicepoint.exe"="c:\program files (x86)\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0255961324433068mcinstcleanup;McAfee Application Installer Cleanup (0255961324433068);c:\windows\TEMP\025596~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
R4 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-07-19 146816]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/05 09:36];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 02:04 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-03 365952]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\windows\Tasks\Driver Robot.job
- c:\program files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe [2010-05-05 21:29]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 14:01]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 14:01]
.
2011-12-14 c:\windows\Tasks\HPCeeScheduleForMatthew.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-20 19:34]
.
2011-12-20 c:\windows\Tasks\Reg Tool Startup.job
- c:\program files (x86)\Reg Tool\Reg Tool.exe [2009-11-23 17:49]
.
2011-12-21 c:\windows\Tasks\User_Feed_Synchronization-{F9AE37A1-703A-4142-A2D9-0DEDDD7756DB}.job
- c:\windows\system32\msfeedssync.exe [2011-12-15 04:44]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:63232
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook64.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\mj4arz0f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Matthew\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-12-21 00:15:09
ComboFix-quarantined-files.txt 2011-12-21 05:15
ComboFix2.txt 2011-12-08 23:46
ComboFix3.txt 2011-12-08 02:14
ComboFix4.txt 2011-12-02 00:25
ComboFix5.txt 2011-12-21 04:07
.
Pre-Run: 119,107,379,200 bytes free
Post-Run: 121,682,112,512 bytes free
.
- - End Of File - - BAEAA1F7C78B246BBCF4B66ADFE31FD8

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 December 2011 - 02:27 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
imm32.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 dadcruise86

dadcruise86
  • Topic Starter

  • Members
  • 12 posts

Posted 21 December 2011 - 09:51 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 21:48 on 21/12/2011 by Matthew
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "imm32.dll"
C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache64\imm32.dll --a---- 163840 bytes [04:29 10/01/2011] [07:11 11/04/2009] 62C15795629FA290656C6A7E5CD25F52
C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache86\imm32.dll --a---- 116224 bytes [04:29 10/01/2011] [06:26 11/04/2009] B8FBE5F40B09F5D20E1E5CCFEF893D62
C:\Windows\ERDNT\cache64\imm32.dll --a---- 163840 bytes [04:29 10/01/2011] [07:11 11/04/2009] 62C15795629FA290656C6A7E5CD25F52
C:\Windows\ERDNT\cache86\imm32.dll --a---- 116224 bytes [04:29 10/01/2011] [06:26 11/04/2009] B8FBE5F40B09F5D20E1E5CCFEF893D62
C:\Windows\System32\imm32.dll --a---- 116224 bytes [19:17 20/10/2009] [06:26 11/04/2009] B8FBE5F40B09F5D20E1E5CCFEF893D62
C:\Windows\SysWOW64\imm32.dll --a---- 116224 bytes [19:17 20/10/2009] [06:26 11/04/2009] B8FBE5F40B09F5D20E1E5CCFEF893D62
C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_b874b99a32c86e38\imm32.dll --a---- 163840 bytes [02:48 21/01/2008] [02:48 21/01/2008] 8D2C00D198598AAE77B1648FFBF39895
C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_ba6032a62fea3984\imm32.dll --a---- 163840 bytes [19:17 20/10/2009] [07:11 11/04/2009] 62C15795629FA290656C6A7E5CD25F52
C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_c2c963ec67293033\imm32.dll --a---- 116224 bytes [02:49 21/01/2008] [02:49 21/01/2008] CA3091655E2257B3E3EA86F79A696C56
C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_c4b4dcf8644afb7f\imm32.dll --a---- 116224 bytes [19:17 20/10/2009] [06:26 11/04/2009] B8FBE5F40B09F5D20E1E5CCFEF893D62

-= EOF =-
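A small triage script for filefind output of the kind posted above, added here as an example (it is not part of this thread or of SystemLook): it parses the result lines, groups every copy by MD5, and flags any live System32/SysWOW64 copy whose size-and-hash pair is not backed by a WinSxS component-store copy. The first report reuses lines from the posted log; the second, "patched" report and its placeholder hash are constructed.

```python
"""Triage helper for a SystemLook ':filefind' report (added example, not SystemLook code)."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class FileEntry(NamedTuple):
    path: str
    size: int
    md5: str


# One filefind result line: <path> <attribute flags> <size> bytes [modified] [created] <MD5>.
# Paths may contain spaces (e.g. "System Volume Information"), so the path group is
# non-greedy and anchored by the flags/size/"bytes" tokens that follow it.
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<flags>\S+) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(report: str) -> List[FileEntry]:
    """Return one FileEntry per result line; headers, blank lines and EOF markers are skipped."""
    entries = []
    for line in report.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.append(FileEntry(m["path"], int(m["size"]), m["md5"].upper()))
    return entries


def _is_live_copy(path: str) -> bool:
    """The copies Windows actually loads. A 32-bit scanner sees System32 through WOW64
    file-system redirection, so it reports the SysWOW64 file under the System32 path
    (hence SystemLook's own WOW64 warning in the posted log)."""
    p = path.lower()
    return "\\windows\\system32\\" in p or "\\windows\\syswow64\\" in p


def _is_store_copy(path: str) -> bool:
    """Component-store (WinSxS) copies are the reference the live files should match."""
    return "\\windows\\winsxs\\" in path.lower()


def triage(entries: List[FileEntry]) -> Dict[str, object]:
    """Group all copies by MD5 and flag live copies whose (size, MD5) pair matches no
    WinSxS copy: a system DLL patched in place usually keeps its size but not its
    hash, so comparing sizes alone is not enough."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        by_hash[e.md5].append(e.path)
    store = {(e.size, e.md5) for e in entries if _is_store_copy(e.path)}
    suspicious = [e for e in entries if _is_live_copy(e.path) and (e.size, e.md5) not in store]
    return {"by_hash": dict(by_hash), "store_versions": len(store), "suspicious": suspicious}


# Report lines taken from the posted log: both live copies carry the hash of the
# wow64 6.0.6002.18005 component, so nothing should be flagged.
CLEAN_REPORT = r"""
Searching for "imm32.dll"
C:\Windows\System32\imm32.dll --a---- 116224 bytes [19:17 20/10/2009] [06:26 11/04/2009] B8FBE5F40B09F5D20E1E5CCFEF893D62
C:\Windows\SysWOW64\imm32.dll --a---- 116224 bytes [19:17 20/10/2009] [06:26 11/04/2009] B8FBE5F40B09F5D20E1E5CCFEF893D62
C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_ba6032a62fea3984\imm32.dll --a---- 163840 bytes [19:17 20/10/2009] [07:11 11/04/2009] 62C15795629FA290656C6A7E5CD25F52
C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_c4b4dcf8644afb7f\imm32.dll --a---- 116224 bytes [19:17 20/10/2009] [06:26 11/04/2009] B8FBE5F40B09F5D20E1E5CCFEF893D62
"""

# Constructed variant: the SysWOW64 copy keeps its size but carries a placeholder hash
# that matches no component-store copy, the pattern a patched system DLL produces.
PATCHED_REPORT = CLEAN_REPORT.replace(
    r"C:\Windows\SysWOW64\imm32.dll --a---- 116224 bytes [19:17 20/10/2009] [06:26 11/04/2009] B8FBE5F40B09F5D20E1E5CCFEF893D62",
    r"C:\Windows\SysWOW64\imm32.dll --a---- 116224 bytes [03:12 20/12/2011] [06:26 11/04/2009] 0123456789ABCDEF0123456789ABCDEF",
)


if __name__ == "__main__":
    for name, report in (("clean", CLEAN_REPORT), ("patched", PATCHED_REPORT)):
        result = triage(parse_filefind(report))
        print(f"{name}: {len(result['by_hash'])} distinct hashes, "
              f"{result['store_versions']} store versions")
        for e in result["suspicious"]:
            print(f"  SUSPICIOUS {e.path} {e.size} bytes {e.md5}")
```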

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 December 2011 - 10:21 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#12 dadcruise86

dadcruise86
  • Topic Starter

  • Members
  • 12 posts

Posted 22 December 2011 - 04:17 PM

AAC Decoder
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon Kindle
AMD USB Audio Driver Filter
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
AutoUpdate
AVS Media Player 3.1
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Driver Robot
ESU for Microsoft Vista
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart TV
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Quick Launch Buttons 6.40 L1
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0129
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller
Juno Preloader
LabelPrint
Lexmark 640 Series
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Metacafe
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MKV Splitter
Move Media Player
Mozilla Firefox (3.6.20)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetZero Preloader
PC MightyMax 2011
Power2Go
PowerDirector
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Reg Tool
RPS CRT
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Shareaza 2.5.1.0
Skins
Slingbox - Watch Your TV Anywhere
SlingPlayer
SPORE Creature Creator Trial Edition
Super Crossword Creator 5.0.8
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Office 2007 (KB934528)
VC80CRTRedist - 8.0.50727.762
Verizon Internet Security Suite
Verizon Servicepoint 3.7.44
VoiceOver Kit
WeatherBug
Yahoo! Messenger
Yahoo! Toolbar

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 December 2011 - 08:32 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java™ 6 Update 26
Java™ 6 Update 7
McAfee Security Scan Plus
WeatherBug


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 dadcruise86

dadcruise86
  • Topic Starter

  • Members
  • 12 posts

Posted 23 December 2011 - 09:56 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122309

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19170

12/23/2011 21:53:18
mbam-log-2011-12-23 (21-53-18).txt

Scan type: Quick scan
Objects scanned: 186177
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 dadcruise86

dadcruise86
  • Topic Starter

  • Members
  • 12 posts

Posted 23 December 2011 - 09:59 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:59:16, on 12/23/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:63232
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220210353.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Matthew\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: McAfee Application Installer Cleanup (0043741324446638) (0043741324446638mcinstcleanup) - Unknown owner - C:\Windows\TEMP\004374~1.EXE (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12772 bytes
