
Possible Infection I don't know what it is


This topic is locked
29 replies to this topic

#1 neostar

  • Members
  • 13 posts

Posted 16 December 2011 - 12:16 PM

TDSSkiller didn't find a thing and I was able to remove the Google redirect virus through the registry and it seems to be gone now.

However, something new is happening. Every time I visit a website and click on really any link (making a topic on forums, looking at something on eBay), it redirects me in a similar fashion. I did a Google for this and couldn't find any infection that behaves like this, so it could possibly be new or undetected by Malwarebytes, because my latest MBAM scans, both full and quick, show no infections anymore.

I also keep getting the following infection after manual removal:

win 7 anti-spyware 2012


It could be because I forgot to set up Malwarebytes after I removed it from my msconfig startup, because after I manually remove it, it's gone again, and every time I keep Malwarebytes running it never comes back.

I do notice it's blocking a lot of Firefox's IPs though on trusted sites (Yahoo, eBay, Google, etc.). I'll write down the IPs when they happen again; it's an infrequent thing, and most of these problems are noticed by a novice computer user, my father, so he can't explain to me what he's doing besides "I was on eBay".


I've attached my ComboFix, DxDiag, and RKill/MBAM logs.

I know you don't want me running programs without "supervision" but I think I at least know somewhat of what I'm doing and I'm not a "beginner" computer user.

I've formatted this hard drive 6 times now and the "infection" is still there so I honestly don't know if this is normal or what. I'm not familiar with the way malware trojans or viruses work other than they're data on your hard drive and a low level format should clear all "data" on my hard drive.

Attached File  DxDiag.txt   33.05KB   1 downloads
Attached File  Logs.zip   10.71KB   0 downloads



Edited by neostar, 16 December 2011 - 12:23 PM.



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,732 posts

Posted 22 December 2011 - 12:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432811 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 neostar
  • Topic Starter

  • Members
  • 13 posts

Posted 22 December 2011 - 12:28 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by John at 12:23:12 on 2011-12-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1670 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\lxcgcoms.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Trillian\trillian.exe
c:\program files (x86)\trillian\plugins\skypekit.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
mStart Page = hxxp://emachines.msn.com
uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: RebateRobot BHO: {fa3fedf6-1a34-4076-9f25-a26a2de6a401} - C:\Program Files\RebateRobot\RebateRobot.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-explorer: LegacyDrive =
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{103B2CDB-D47A-4D37-A974-60D986074E71} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
BHO-X64: PageRage - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: RebateRobot BHO: {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll
BHO-X64: RebateRobot - No File
TB-X64: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0gyx2t4p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PageRage Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 88825701-c7ff-4e72-bef7-841c1b249970
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;C:\Windows\system32\drivers\FixTDSS.sys --> C:\Windows\system32\drivers\FixTDSS.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-14 366152]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-26 378984]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WN111v2x.sys --> C:\Windows\system32\DRIVERS\WN111v2x.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-20 02:27:23 -------- d-----w- C:\$RECYCLE.BIN
2011-12-20 00:46:33 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-19 04:24:19 -------- d-----w- C:\ProgramData\AVAST Software
2011-12-19 04:24:19 -------- d-----w- C:\Program Files\AVAST Software
2011-12-18 23:38:55 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-12-18 23:38:03 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-12-18 23:37:36 -------- d-----w- C:\Windows\SysWow64\xlive
2011-12-18 23:37:29 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-12-17 18:28:29 -------- d-----w- C:\Users\John\AppData\Local\Flash Builder
2011-12-17 18:16:28 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-12-17 18:02:05 -------- d-----w- C:\ProgramData\ALM
2011-12-17 17:55:16 -------- d-----w- C:\Users\John\Adobe Flash Builder 4.5
2011-12-17 17:49:13 -------- d-----w- C:\Program Files (x86)\Adobe Story
2011-12-17 17:47:47 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2011-12-17 17:47:47 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2011-12-17 17:47:47 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2011-12-17 17:47:47 -------- d-----w- C:\Program Files (x86)\My Company Name
2011-12-17 17:47:47 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2011-12-17 17:47:47 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-12-15 22:16:51 23104 ----a-w- C:\Windows\SysWow64\svcprmpt.dll
2011-12-15 17:07:22 16384 ----a-w- C:\Windows\SysWow64\msdrve.dll
2011-12-15 16:41:22 -------- d-----w- C:\ProgramData\GTPNXTHTESB
2011-12-12 18:21:19 -------- d-----w- C:\Windows\pss
2011-12-12 17:49:41 98816 ----a-w- C:\Windows\sed.exe
2011-12-12 17:49:41 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-12 17:49:41 256000 ----a-w- C:\Windows\PEV.exe
2011-12-12 17:49:41 208896 ----a-w- C:\Windows\MBR.exe
2011-12-12 17:40:13 27256 ----a-w- C:\Windows\System32\drivers\FixTDSS.sys
2011-12-12 17:40:13 -------- d-----w- C:\Users\John\AppData\Roaming\FixTDSS
2011-12-10 23:52:22 -------- d-----w- C:\ProgramData\RUPNXTHTESB
2011-12-10 23:50:34 10816 ----a-w- C:\Windows\vmoptver.dll
2011-12-10 23:47:36 30976 ----a-w- C:\Windows\rascntrl.dll
2011-12-10 23:44:26 -------- d-----w- C:\Users\John\AppData\Roaming\AweSEM
2011-12-10 23:42:00 -------- d-----w- C:\Program Files (x86)\Alfalfa Team
2011-12-10 23:03:57 -------- d-----w- C:\ProgramData\PUPNXTHTESB
2011-12-10 23:03:56 -------- d-----w- C:\Program Files\BadgeHelp
2011-12-10 19:02:12 -------- d-----w- C:\Users\John\AppData\Roaming\Tams11
2011-12-10 17:00:29 -------- d-----w- C:\Users\John\AppData\Local\ElevatedDiagnostics
2011-12-10 04:40:02 -------- d-----w- C:\Program Files (x86)\Tams11
2011-12-10 03:11:13 -------- d-----w- C:\VXM
2011-12-10 03:11:13 -------- d-----w- C:\Intel
2011-12-10 03:10:52 -------- d-----w- C:\Amuseware
2011-12-09 23:34:15 304128 ----a-w- C:\Windows\IsUninst.exe
2011-11-28 21:08:14 -------- d--h--w- C:\ProgramData\Common Files
2011-11-28 21:06:42 -------- d-----w- C:\ProgramData\AVG2012
2011-11-28 21:05:34 -------- d-----w- C:\Program Files (x86)\AVG
2011-11-28 21:02:32 -------- d-----w- C:\ProgramData\MFAData
2011-11-28 20:38:47 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-11-28 20:38:47 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-11-28 20:38:47 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-11-28 20:38:47 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-11-28 20:38:47 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-11-27 03:29:04 -------- d-----w- C:\Program Files (x86)\3E160
2011-11-26 23:37:33 -------- d-----w- C:\Program Files\RebateRobot
2011-11-26 23:25:04 -------- d-----r- C:\Program Files (x86)\Skype
2011-11-25 16:48:19 -------- d-----w- C:\Program Files (x86)\File Shredder
2011-11-25 16:24:13 -------- d-----w- C:\Program Files (x86)\Jasc Software Inc
2011-11-25 16:23:32 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-11-25 16:23:32 217088 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-11-25 16:23:31 98304 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2011-11-25 16:23:31 36864 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2011-11-25 16:23:31 217088 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-11-25 16:23:30 598016 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
2011-11-25 16:23:30 102400 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2011-11-22 22:47:07 -------- d-----w- C:\ProgramData\McAfee Security Scan
2011-11-22 22:47:05 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-15 03:50:14 125376 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-21 15:00:28 99024 ----a-w- C:\Windows\MozillaUninstall.exe
2011-10-21 15:00:25 98512 ----a-w- C:\Windows\GREUninstall.exe
2011-10-21 14:52:02 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-28 22:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-09-28 22:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
.
============= FINISH: 12:23:54.68 ===============



I couldn't do a GMER log since I'm using 64-bit Windows 7.
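Added example (not from the thread or from the DDS tool): a Python triage script run over lines copied from the DDS log above. It flags the three things a responder would want confirmed from that log: Hosts entries that send analytics and ad domains to routable addresses (and the same name mapped to two different addresses, i.e. the file was rewritten twice), UAC policy values that differ from the Windows 7 defaults, and start page or search settings pointing at search.conduit.com. The UAC defaults and the suspect search host list are assumptions of this script.

```python
"""Triage of the DDS "Pseudo HJT Report" posted above (added example, not part
of the thread or of the DDS tool). The sample lines are copied from that log;
the Windows 7 UAC defaults and the suspect search host are assumptions."""
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the DDS log in this thread.
SAMPLE_LOG = """\
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
mStart Page = hxxp://emachines.msn.com
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q=
"""

# Assumed Windows 7 defaults: UAC on, admin prompted on the secure desktop.
UAC_DEFAULTS = {
    "EnableLUA": "1",
    "ConsentPromptBehaviorAdmin": "5",
    "PromptOnSecureDesktop": "1",
}
# Addresses an ad-blocking hosts file legitimately maps names to.
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumed list of search hosts associated with toolbar hijacks.
SUSPECT_SEARCH_HOSTS = {"search.conduit.com"}

HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+?)\.?$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<key>\w+)\s+=\s+(?P<val>\d+)")
START_RE = re.compile(r"^[um]Start Page = hxxp://(?P<host>[^/?]+)")
FF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<key>\S+) - hxxp://(?P<host>[^/?]+)")


def hosts_redirects(lines):
    """Hosts entries that send a name to a routable address, not to loopback.

    Mapping www.google-analytics.com to an external host means every page that
    embeds that script now loads it from there, which matches the "redirect on
    any link" behaviour described in the thread.
    """
    found = []
    for ln in lines:
        m = HOSTS_RE.match(ln)
        if m and m.group("ip") not in SINKHOLE_IPS:
            found.append((m.group("name").lower(), m.group("ip")))
    return found


def conflicting_hosts(redirects):
    """Names mapped to more than one address (the file was overwritten twice)."""
    by_name = defaultdict(set)
    for name, ip in redirects:
        by_name[name].add(ip)
    return {n: sorted(ips) for n, ips in by_name.items() if len(ips) > 1}


def uac_findings(lines):
    """UAC policy values differing from the assumed defaults: {key: (seen, default)}."""
    findings = {}
    for ln in lines:
        m = POLICY_RE.match(ln)
        if m and m.group("key") in UAC_DEFAULTS:
            seen, default = m.group("val"), UAC_DEFAULTS[m.group("key")]
            if seen != default:
                findings[m.group("key")] = (seen, default)
    return findings


def search_hijacks(lines):
    """Start page or Firefox search settings pointing at a suspect search host."""
    hits = []
    for ln in lines:
        m = START_RE.match(ln) or FF_RE.match(ln)
        if m and m.group("host").lower() in SUSPECT_SEARCH_HOSTS:
            hits.append(ln)
    return hits


def triage(text):
    """Run all checks over one DDS report; returns a dict of findings."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    redirects = hosts_redirects(lines)
    return {
        "hosts_redirects": redirects,
        "conflicting_hosts": conflicting_hosts(redirects),
        "uac_disabled": uac_findings(lines),
        "search_hijacks": search_hijacks(lines),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section} ==")
        for item in (items.items() if isinstance(items, dict) else items):
            print("  ", item)
```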




#4 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,732 posts

Posted 27 December 2011 - 12:25 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 29 December 2011 - 04:42 PM

Topic reopened at member's request.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 29 December 2011 - 07:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

With no GMER available, please run aswMBR.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#7 neostar
  • Topic Starter

  • Members
  • 13 posts

Posted 29 December 2011 - 08:11 PM

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-29 19:45:09
-----------------------------
19:45:09.348 OS Version: Windows x64 6.1.7601 Service Pack 1
19:45:09.348 Number of processors: 2 586 0x603
19:45:09.349 ComputerName: JOHN-PC UserName: John
19:45:11.763 Initialize success
19:45:19.192 AVAST engine defs: 11122901
19:45:20.508 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
19:45:20.510 Disk 0 Vendor: WDC_WD10 77.0 Size: 953869MB BusType: 3
19:45:20.529 Disk 0 MBR read successfully
19:45:20.531 Disk 0 MBR scan
19:45:20.535 Disk 0 unknown MBR code
19:45:20.538 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18000 MB offset 2048
19:45:20.554 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 36866048
19:45:20.564 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 935767 MB offset 37070848
19:45:20.569 Service scanning
19:45:24.191 Modules scanning
19:45:24.194 Disk 0 trace - called modules:
19:45:24.207 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:45:24.210 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032d5370]
19:45:24.545 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8002e67c20]
19:45:24.549 5 ACPI.sys[fffff88000f3c7a1] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8002f574b0]
19:45:26.980 AVAST engine scan C:\Windows
19:45:31.614 AVAST engine scan C:\Windows\system32
19:46:47.137 AVAST engine scan C:\Windows\system32\drivers
19:46:56.149 AVAST engine scan C:\Users\John
19:59:54.086 AVAST engine scan C:\ProgramData
20:01:21.348 Scan finished successfully
20:10:18.421 Disk 0 MBR has been saved successfully to "C:\Users\John\Documents\MBR.dat"
20:10:18.470 The log file has been saved successfully to "C:\Users\John\Documents\aswMBR.txt"

#8 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 29 December 2011 - 08:19 PM

This next tool checks the Master Boot Record details, which showed "unknown" - not always a malware alert message.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#9 neostar
  • Topic Starter

  • Members
  • 13 posts

Posted 29 December 2011 - 08:53 PM

Sorry for the late reply; I didn't get a notification in my e-mail this time.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: eMachines
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: eMachines
System Product Name: EL1358G
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 147):
0x02A17000 \SystemRoot\system32\ntoskrnl.exe
0x03000000 \SystemRoot\system32\hal.dll
0x00BBD000 \SystemRoot\system32\kdcom.dll
0x00C7F000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C8C000 \SystemRoot\system32\PSHED.dll
0x00CA0000 \SystemRoot\system32\CLFS.SYS
0x00CFE000 \SystemRoot\system32\CI.dll
0x00DBE000 \SystemRoot\system32\drivers\FixTDSS.sys
0x00E7E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F22000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F31000 \SystemRoot\system32\drivers\ACPI.sys
0x00F88000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F91000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F9B000 \SystemRoot\system32\drivers\pci.sys
0x00FCE000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FDB000 \SystemRoot\System32\drivers\partmgr.sys
0x00E00000 \SystemRoot\system32\drivers\volmgr.sys
0x00E15000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E71000 \SystemRoot\system32\drivers\pciide.sys
0x00FF0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00DC8000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DE2000 \SystemRoot\system32\drivers\atapi.sys
0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
0x00C2A000 \SystemRoot\system32\drivers\nvstor64.sys
0x01084000 \SystemRoot\system32\drivers\storport.sys
0x010E7000 \SystemRoot\system32\drivers\amdxata.sys
0x010F2000 \SystemRoot\system32\drivers\fltmgr.sys
0x0113E000 \SystemRoot\system32\drivers\fileinfo.sys
0x01152000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0120A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0115E000 \SystemRoot\System32\Drivers\msrpc.sys
0x013AD000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013C8000 \SystemRoot\System32\drivers\pcw.sys
0x013D9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014A5000 \SystemRoot\system32\drivers\ndis.sys
0x01598000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016AA000 \SystemRoot\System32\drivers\tcpip.sys
0x018AE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x018F8000 \SystemRoot\system32\drivers\volsnap.sys
0x01944000 \SystemRoot\System32\Drivers\spldr.sys
0x0194C000 \SystemRoot\System32\drivers\rdyboost.sys
0x01986000 \SystemRoot\System32\Drivers\mup.sys
0x01998000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019A1000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019DB000 \SystemRoot\system32\drivers\disk.sys
0x01600000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x0142B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0169A000 \SystemRoot\System32\Drivers\Null.SYS
0x016A3000 \SystemRoot\System32\Drivers\Beep.SYS
0x019F1000 \SystemRoot\System32\drivers\vga.sys
0x01455000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0147A000 \SystemRoot\System32\drivers\watchdog.sys
0x0148A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01493000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0149C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013E3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011BC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011DE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A94000 \SystemRoot\system32\drivers\afd.sys
0x03B1D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B62000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B6B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B91000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03BA0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BBB000 \SystemRoot\system32\drivers\termdd.sys
0x03BCF000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A5D000 \SystemRoot\system32\drivers\mssmbios.sys
0x03A68000 \SystemRoot\System32\drivers\discache.sys
0x02C18000 \SystemRoot\System32\Drivers\dfsc.sys
0x02C36000 \SystemRoot\system32\drivers\blbdrive.sys
0x02C47000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02C6D000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x02C82000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02CA0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02CAF000 \SystemRoot\system32\drivers\mouclass.sys
0x02CBE000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02CC9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02D1F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02D30000 \SystemRoot\system32\drivers\HDAudBus.sys
0x02D54000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x0F0D9000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FDF0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03CDB000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03C00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03C46000 \SystemRoot\system32\drivers\wmiacpi.sys
0x03C4F000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03C5F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03C75000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03C99000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03CA5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03DCF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0F000000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0F021000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03DEA000 \SystemRoot\system32\drivers\swenum.sys
0x0F03B000 \SystemRoot\system32\drivers\ks.sys
0x03DEC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0F07E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x02DA6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03EC1000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x040EA000 \SystemRoot\system32\drivers\portcls.sys
0x04127000 \SystemRoot\system32\drivers\drmk.sys
0x04149000 \SystemRoot\system32\drivers\ksthunk.sys
0x0414F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0415D000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04167000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x041A6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x041B9000 \SystemRoot\System32\drivers\Dxapi.sys
0x041C5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x041E0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x041E2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x00780000 \SystemRoot\System32\cdd.dll
0x041F0000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x03E00000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x03E28000 \SystemRoot\system32\DRIVERS\Dot4Scan.sys
0x03E30000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x00870000 \SystemRoot\System32\ATMFD.DLL
0x03E3A000 \SystemRoot\system32\drivers\luafv.sys
0x03E5D000 \SystemRoot\system32\drivers\WudfPf.sys
0x03E7E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x01630000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03E93000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03EA6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02A17000 \SystemRoot\system32\ntoskrnl.exe
0x02AE0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02B11000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02B2F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02B5C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02BAA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03402000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0346B000 \SystemRoot\System32\DRIVERS\srv.sys
0x03503000 \SystemRoot\system32\drivers\peauth.sys
0x035A9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x035B4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x035C6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x02BCE000 \??\C:\Users\John\AppData\Local\Temp\aswMBR.sys
0x02BDC000 \??\C:\Windows\system32\drivers\mbam.sys
0x779A0000 \Windows\System32\ntdll.dll
0x484D0000 \Windows\System32\smss.exe
0xFFCC0000 \Windows\System32\apisetschema.dll
0xFF290000 \Windows\System32\autochk.exe

Processes (total 54):
0 System Idle Process
4 System
352 C:\Windows\System32\smss.exe
476 csrss.exe
528 C:\Windows\System32\wininit.exe
564 csrss.exe
596 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\winlogon.exe
784 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
112 C:\Windows\System32\svchost.exe
388 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\spoolsv.exe
1360 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1396 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\svchost.exe
1468 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
1516 C:\Windows\System32\lxcgcoms.exe
1536 C:\Windows\System32\nvvsvc.exe
1616 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1672 C:\Windows\System32\svchost.exe
1724 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1768 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
1952 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
616 C:\Windows\System32\taskhost.exe
1712 C:\Windows\System32\dwm.exe
1604 C:\Windows\explorer.exe
2188 WUDFHost.exe
2652 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2660 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
2680 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
2712 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
2940 C:\Windows\System32\SearchIndexer.exe
1304 C:\Program Files\Windows Media Player\wmpnetwk.exe
2536 C:\Windows\System32\svchost.exe
2728 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1592 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3116 C:\Users\John\Downloads\aswMBR.exe
3476 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3512 C:\Program Files (x86)\Nero\Update\NASvc.exe
1632 C:\Windows\System32\notepad.exe
2800 WmiPrvSE.exe
1972 C:\Windows\System32\svchost.exe
3148 C:\Windows\System32\SearchProtocolHost.exe
3848 C:\Windows\System32\SearchFilterHost.exe
968 C:\Users\John\Downloads\MBRCheck.exe
2956 C:\Windows\System32\conhost.exe
2844 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`6b500000 (NTFS)

PhysicalDrive0 Model Number: WDC WD10EADX-22TDHB0, Rev: 77.0

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Acer MBR code detected
SHA1: 3183CBF02DD9B39C5FF84F50BA2419D633E30179


Done!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:55 PM

Posted 29 December 2011 - 09:43 PM

That looks okay.


Check your notifications settings:

Click your name at the top right and select My Settings. Find Notification Options down the left side among the options.

The last of the six options says: Watch every topic I reply to
If enabled, choose default notification type:

Change this to Immediate Notification

Then look under that and check the Email box under Notification method to use for topic replies and reply digests


Now let's see a new scan, this time from a tool called OTL.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#11 neostar

neostar
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:55 AM

Posted 29 December 2011 - 10:06 PM

OTL Extras logfile created on: 12/29/2011 10:01:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 75.87% Memory free
5.50 Gb Paging File | 4.26 Gb Available in Paging File | 77.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.84 Gb Total Space | 786.83 Gb Free Space | 86.10% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{76202DBC-6FDA-47EA-B32F-F88512C03B18}" = AVG 2012
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8E10A7CC-B4B4-4BF0-A75E-9F960D58AAC4}_is1" = RebateRobot for Online Shopping version 1.0.1
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 2300 Series" = Lexmark 2300 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.10 beta 3 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.24.0.195
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Caesar 3_is1" = Caesar 3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ESET Online Scanner" = ESET Online Scanner v3
"File Shredder_is1" = File Shredder 2.0
"HandAndFoot_is1" = Hand And Foot 1.0.11.10
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla (1.7.13)" = Mozilla (1.7.13)
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PageRage Toolbar" = PageRage Toolbar
"Pogo Auto Loader 4.1.1" = Pogo Auto Loader 4.1.1
"PowerISO" = PowerISO
"Tams11 Software Gaming Lobby_is1" = Tams11 Software Gaming Lobby 1.7.8.22
"Trillian" = Trillian
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2011 11:15:59 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: apphelp.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b73e Exception code: 0xc0000005 Fault offset: 0x0000bb46 Faulting
process id: 0x12bc Faulting application start time: 0x01ccacb2ba91df60 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\apphelp.dll Report Id: 204a8d20-18a6-11e1-9a79-f80f411cb856

Error - 11/26/2011 11:17:36 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: apphelp.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b73e Exception code: 0xc0000005 Fault offset: 0x0000bb46 Faulting
process id: 0x125c Faulting application start time: 0x01ccacb2f49ce1a0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\apphelp.dll Report Id: 5a5652b0-18a6-11e1-9a79-f80f411cb856

Error - 11/26/2011 11:21:14 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: apphelp.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b73e Exception code: 0xc0000005 Fault offset: 0x0000bb46 Faulting
process id: 0xf50 Faulting application start time: 0x01ccacb376306bb0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\apphelp.dll Report Id: dc2b2b80-18a6-11e1-9a79-f80f411cb856

Error - 11/26/2011 11:22:51 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: apphelp.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b73e Exception code: 0xc0000005 Fault offset: 0x0000bb46 Faulting
process id: 0x1318 Faulting application start time: 0x01ccacb3b08680b0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\apphelp.dll Report Id: 1638ece0-18a7-11e1-9a79-f80f411cb856

Error - 11/26/2011 11:24:29 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: apphelp.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b73e Exception code: 0xc0000005 Fault offset: 0x0000bb46 Faulting
process id: 0xfb8 Faulting application start time: 0x01ccacb3ea8b6870 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\apphelp.dll Report Id: 50731570-18a7-11e1-9a79-f80f411cb856

Error - 11/26/2011 11:26:07 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: apphelp.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b73e Exception code: 0xc0000005 Fault offset: 0x0000bb46 Faulting
process id: 0x119c Faulting application start time: 0x01ccacb42501afa0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\apphelp.dll Report Id: 8ab77f00-18a7-11e1-9a79-f80f411cb856

Error - 11/26/2011 11:29:53 PM | Computer Name = John-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2011 2:16:43 PM | Computer Name = John-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2011 8:01:10 PM | Computer Name = John-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2011 8:44:24 PM | Computer Name = John-PC | Source = Application Error | ID = 1000
Description = Faulting application name: lxcgcoms.exe, version: 6.4.29.0, time stamp:
0x4613cd75 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7c8f9 Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process
id: 0x630 Faulting application start time: 0x01ccad60a5ddadc0 Faulting application
path: C:\Windows\system32\lxcgcoms.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1dd75d70-195a-11e1-8c0d-f80f411cb856

[ System Events ]
Error - 12/19/2011 11:51:02 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.

Error - 12/19/2011 11:51:07 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswSnx aswSP aswTdi discache SCDEmu spldr Wanarpv6

Error - 12/19/2011 11:51:14 AM | Computer Name = John-PC | Source = DCOM | ID = 10005
Description =

Error - 12/19/2011 11:51:15 AM | Computer Name = John-PC | Source = DCOM | ID = 10005
Description =

Error - 12/19/2011 11:51:15 AM | Computer Name = John-PC | Source = DCOM | ID = 10005
Description =

Error - 12/19/2011 11:51:16 AM | Computer Name = John-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 12/19/2011 2:42:23 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 12/19/2011 2:42:25 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 12/19/2011 2:42:25 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 12/19/2011 2:42:25 PM | Computer Name = John-PC | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.


< End of report >



OTL logfile created on: 12/29/2011 10:01:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 75.87% Memory free
5.50 Gb Paging File | 4.26 Gb Available in Paging File | 77.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.84 Gb Total Space | 786.83 Gb Free Space | 86.10% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0gyx2t4p.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCoreGecko8.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (lxcg_device) -- C:\Windows\SysNative\lxcgcoms.exe ( )
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxcg_device) -- C:\Windows\SysWow64\lxcgcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (FixTDSS) -- C:\Windows\SysNative\drivers\FixTDSS.sys (Symantec Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\drivers\WN111v2x.sys (Atheros Communications, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PageRage Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/12/17 12:52:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/12/17 13:12:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7.13\Extensions\\Components: C:\Program Files (x86)\mozilla.org\Mozilla\Components [2011/10/21 10:54:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.7.13\Extensions\\Plugins: C:\Program Files (x86)\mozilla.org\Mozilla\Plugins [2011/12/17 12:52:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 23:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.13\Extensions\\Components: C:\Program Files (x86)\mozilla.org\Mozilla\Components [2011/10/21 10:54:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.13\Extensions\\Plugins: C:\Program Files (x86)\mozilla.org\Mozilla\Plugins [2011/12/17 12:52:10 | 000,000,000 | ---D | M]

[2011/08/26 09:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2011/12/07 10:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0gyx2t4p.default\extensions
[2011/12/05 17:30:19 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0gyx2t4p.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2011/11/10 14:56:51 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0gyx2t4p.default\extensions\plugin@yontoo.com
[2011/12/05 14:13:18 | 000,000,919 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0gyx2t4p.default\searchplugins\conduit.xml
[2011/11/11 03:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/10 23:48:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/10 23:48:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/28 19:26:50 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2011/09/28 19:26:50 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/11/10 23:48:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2011/09/28 19:26:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2011/09/28 19:26:50 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: RebateRobot = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.1.2_0\

O1 HOSTS File: ([2011/11/25 06:35:57 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.4.166 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (RebateRobot BHO) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot-x64.dll (RebateRobot)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (RebateRobot BHO) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll (RebateRobot)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LXCGCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LegacyDrive = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{103B2CDB-D47A-4D37-A974-60D986074E71}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 19:44:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/21 19:11:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Media Player Classic
[2011/12/19 21:31:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/19 21:27:23 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/19 19:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/18 23:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/12/18 23:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/18 23:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/18 18:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/12/18 18:38:03 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/12/18 18:37:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/12/18 18:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/12/18 18:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/12/17 15:15:48 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\New folder
[2011/12/17 13:28:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Flash Builder
[2011/12/17 13:28:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2011/12/17 13:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/12/17 13:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/12/17 12:55:16 | 000,000,000 | ---D | C] -- C:\Users\John\Adobe Flash Builder 4.5
[2011/12/17 12:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2011/12/17 12:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/12/17 12:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2011/12/17 12:47:47 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2011/12/17 12:47:47 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2011/12/17 12:47:47 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2011/12/17 12:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/12/17 12:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/12/17 12:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2011/12/17 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/12/17 12:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/17 12:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
[2011/12/15 11:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\GTPNXTHTESB
[2011/12/15 09:28:51 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/15 09:28:51 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 09:28:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 09:28:51 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 09:28:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 09:28:51 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 09:28:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 09:28:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/15 09:28:48 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/15 09:28:48 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/12 13:21:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/12 12:49:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/12 12:49:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/12 12:49:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/12 12:49:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/12 12:49:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/12 12:40:13 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
[2011/12/12 12:40:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\FixTDSS
[2011/12/10 18:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RUPNXTHTESB
[2011/12/10 18:44:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AweSEM
[2011/12/10 18:42:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pogo Auto Loader 4.1.1
[2011/12/10 18:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Auto Loader 4.1.1
[2011/12/10 18:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alfalfa Team
[2011/12/10 18:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PUPNXTHTESB
[2011/12/10 18:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BadgeHelp
[2011/12/10 18:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\BadgeHelp
[2011/12/10 14:02:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Tams11
[2011/12/10 12:00:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\ElevatedDiagnostics
[2011/12/09 23:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tams11
[2011/12/09 23:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tams11
[2011/12/09 22:11:13 | 000,000,000 | ---D | C] -- C:\VXM
[2011/12/09 22:11:13 | 000,000,000 | ---D | C] -- C:\Intel
[2011/12/09 18:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2011/12/09 18:34:15 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/12/07 16:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/08/26 00:41:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll
[2011/08/26 00:41:20 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll
[2011/08/26 00:41:20 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll
[2011/08/26 00:41:20 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll
[2011/08/26 00:41:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll
[2011/08/26 00:41:20 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll
[2011/08/26 00:41:20 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe
[2011/08/26 00:41:20 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll
[2011/08/26 00:41:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll
[2011/08/26 00:41:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll
[2011/08/26 00:41:20 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe
[2011/08/26 00:41:20 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe
[2011/08/26 00:41:20 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe
[2011/08/26 00:41:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll
[2011/08/26 00:41:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/12/29 21:59:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 20:10:18 | 000,000,512 | ---- | M] () -- C:\Users\John\Documents\MBR.dat
[2011/12/29 19:51:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 19:51:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 19:49:58 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/29 19:49:58 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/29 19:49:58 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/29 19:44:01 | 539,736,741 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/29 19:44:01 | 2214,092,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 15:04:34 | 000,000,113 | ---- | M] () -- C:\Windows\(null)toolkit.ini
[2011/12/22 12:27:27 | 000,002,980 | ---- | M] () -- C:\Users\John\Documents\Attach.zip
[2011/12/19 13:42:13 | 004,855,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/17 12:52:11 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2011/12/17 12:49:55 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Content Viewer.lnk
[2011/12/16 12:20:55 | 000,010,971 | ---- | M] () -- C:\Users\John\Desktop\Logs.zip
[2011/12/15 17:16:51 | 000,023,104 | ---- | M] () -- C:\Windows\SysWow64\svcprmpt.dll
[2011/12/15 12:07:22 | 000,016,384 | ---- | M] () -- C:\Windows\SysWow64\msdrve.dll
[2011/12/14 19:43:33 | 000,001,204 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/12/14 10:46:34 | 000,010,192 | -HS- | M] () -- C:\Users\John\AppData\Local\652400e0l875q556u474a6ojs2m2
[2011/12/14 10:46:34 | 000,010,192 | -HS- | M] () -- C:\ProgramData\652400e0l875q556u474a6ojs2m2
[2011/12/14 09:14:38 | 000,061,761 | ---- | M] () -- C:\Users\John\Desktop\1374082808430.jpg
[2011/12/12 12:40:13 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixTDSS.sys
[2011/12/10 18:50:34 | 000,010,816 | ---- | M] () -- C:\Windows\vmoptver.dll
[2011/12/10 18:47:36 | 000,030,976 | ---- | M] () -- C:\Windows\rascntrl.dll
[2011/12/10 14:02:51 | 000,000,014 | ---- | M] () -- C:\Windows\MWu]KQ
[2011/12/10 11:47:57 | 000,009,296 | -HS- | M] () -- C:\Users\John\AppData\Local\lirxfx1g3jaq1eks4cqe4b563k4h
[2011/12/10 11:47:57 | 000,009,296 | -HS- | M] () -- C:\ProgramData\lirxfx1g3jaq1eks4cqe4b563k4h
[2011/12/09 18:34:22 | 000,000,185 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011/12/07 15:27:45 | 000,000,645 | ---- | M] () -- C:\Windows\hegames.ini
[2011/12/04 18:43:09 | 000,000,191 | ---- | M] () -- C:\Users\John\Documents\dsf.rtf

========== Files Created - No Company Name ==========

[2011/12/29 19:44:01 | 539,736,741 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/29 19:30:30 | 000,000,512 | ---- | C] () -- C:\Users\John\Documents\MBR.dat
[2011/12/28 15:04:34 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2011/12/22 12:27:27 | 000,002,980 | ---- | C] () -- C:\Users\John\Documents\Attach.zip
[2011/12/17 12:52:11 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2011/12/17 12:52:11 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2011/12/17 12:52:11 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2011/12/17 12:50:03 | 000,001,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2011/12/17 12:49:55 | 000,001,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2011/12/17 12:49:55 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Content Viewer.lnk
[2011/12/17 12:44:28 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/12/16 12:20:55 | 000,010,971 | ---- | C] () -- C:\Users\John\Desktop\Logs.zip
[2011/12/15 17:16:51 | 000,023,104 | ---- | C] () -- C:\Windows\SysWow64\svcprmpt.dll
[2011/12/15 12:07:22 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\msdrve.dll
[2011/12/14 19:43:33 | 000,001,204 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/12/14 10:35:06 | 000,010,192 | -HS- | C] () -- C:\Users\John\AppData\Local\652400e0l875q556u474a6ojs2m2
[2011/12/14 10:35:06 | 000,010,192 | -HS- | C] () -- C:\ProgramData\652400e0l875q556u474a6ojs2m2
[2011/12/14 09:14:37 | 000,061,761 | ---- | C] () -- C:\Users\John\Desktop\1374082808430.jpg
[2011/12/12 12:49:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/12 12:49:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/12 12:49:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/12 12:49:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/12 12:49:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/10 18:50:34 | 000,010,816 | ---- | C] () -- C:\Windows\vmoptver.dll
[2011/12/10 18:47:36 | 000,030,976 | ---- | C] () -- C:\Windows\rascntrl.dll
[2011/12/10 14:02:51 | 000,000,014 | ---- | C] () -- C:\Windows\MWu]KQ
[2011/12/10 07:21:32 | 000,009,296 | -HS- | C] () -- C:\Users\John\AppData\Local\lirxfx1g3jaq1eks4cqe4b563k4h
[2011/12/10 07:21:32 | 000,009,296 | -HS- | C] () -- C:\ProgramData\lirxfx1g3jaq1eks4cqe4b563k4h
[2011/12/09 18:34:16 | 000,000,185 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/12/07 16:52:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/04 18:43:09 | 000,000,191 | ---- | C] () -- C:\Users\John\Documents\dsf.rtf
[2011/11/25 18:53:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\NEY8a.com.b
[2011/11/25 18:50:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\IL1Nv0.dat
[2011/11/16 09:16:55 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/16 09:16:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/11/16 09:16:54 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/16 09:16:54 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/11/16 09:16:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/10 17:32:01 | 000,000,226 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011/10/21 10:00:29 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/10/21 10:00:28 | 000,099,024 | ---- | C] () -- C:\Windows\MozillaUninstall.exe
[2011/10/21 10:00:25 | 000,098,512 | ---- | C] () -- C:\Windows\GREUninstall.exe
[2011/10/21 10:00:25 | 000,008,318 | ---- | C] () -- C:\Windows\mozver.dat
[2011/10/09 14:42:05 | 000,000,645 | ---- | C] () -- C:\Windows\hegames.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/26 00:41:20 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll
[2011/08/26 00:41:20 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/10 18:44:26 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AweSEM
[2011/11/16 09:28:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Canneverbe Limited
[2011/12/12 12:40:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FixTDSS
[2011/08/26 08:59:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OEM
[2011/10/21 09:53:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2011/12/10 14:05:46 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Tams11
[2011/11/29 21:32:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Trillian

[2009/07/14 00:08:49 | 000,021,006 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Edited by neostar, 29 December 2011 - 10:08 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:55 PM

Posted 29 December 2011 - 10:24 PM

Okay, now we have something to remove. The mmswsock.dll file is created by a rootkit called ZeroAccess. It looks quite weak in your system as it isn't killing any tools - so far.

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
[2011/12/14 10:46:34 | 000,010,192 | -HS- | M] () -- C:\Users\John\AppData\Local\652400e0l875q556u474a6ojs2m2
[2011/12/14 10:46:34 | 000,010,192 | -HS- | M] () -- C:\ProgramData\652400e0l875q556u474a6ojs2m2
[2011/12/10 11:47:57 | 000,009,296 | -HS- | M] () -- C:\Users\John\AppData\Local\lirxfx1g3jaq1eks4cqe4b563k4h
[2011/12/10 11:47:57 | 000,009,296 | -HS- | M] () -- C:\ProgramData\lirxfx1g3jaq1eks4cqe4b563k4h
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Now uninstall your copy of Combofix

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Then download and run the tool, as explained below

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#13 neostar

neostar
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:55 AM

Posted 29 December 2011 - 10:40 PM

That makes sense of why those fake antivirus programs kept popping up. It doesn't solve the Google and web redirects I've been getting, but maybe we can figure that out in the newest ComboFix log. Why didn't Malwarebytes detect this rootkit? You say it's weak now, so maybe it removed part of it, because all I ran were ComboFix and Malwarebytes.




Combofix logs:

ComboFix 11-12-29.05 - John 12/29/2011 22:31:48.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1788 [GMT -5:00]
Running from: c:\users\John\Downloads\ComFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 03:36 . 2011-12-30 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 03:26 . 2011-12-30 03:26 -------- d-----w- C:\_OTL
2011-12-22 00:11 . 2011-12-22 00:11 -------- d-----w- c:\users\John\AppData\Roaming\Media Player Classic
2011-12-20 00:46 . 2011-12-20 00:46 -------- d-----w- c:\program files (x86)\ESET
2011-12-19 04:25 . 2011-12-19 04:26 -------- d-----w- c:\program files (x86)\Google
2011-12-19 04:24 . 2011-12-19 04:24 -------- d-----w- c:\programdata\AVAST Software
2011-12-19 04:24 . 2011-12-19 04:24 -------- d-----w- c:\program files\AVAST Software
2011-12-18 23:38 . 2011-12-18 23:38 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-12-18 23:38 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2011-12-18 23:37 . 2011-12-18 23:37 -------- d-----w- c:\windows\SysWow64\xlive
2011-12-18 23:37 . 2011-12-18 23:37 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-12-17 18:28 . 2011-12-17 18:28 -------- d-----w- c:\users\John\AppData\Local\Flash Builder
2011-12-17 18:16 . 2011-12-17 19:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-12-17 18:02 . 2011-12-17 18:02 -------- d-----w- c:\programdata\ALM
2011-12-17 17:55 . 2011-12-17 17:55 -------- d-----w- c:\users\John\Adobe Flash Builder 4.5
2011-12-17 17:49 . 2011-12-17 17:49 -------- d-----w- c:\program files (x86)\Adobe Story
2011-12-17 17:47 . 2011-12-17 17:47 -------- d-----w- c:\program files (x86)\My Company Name
2011-12-17 17:47 . 2011-12-17 17:47 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2011-12-17 17:47 . 2011-12-17 17:47 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-12-17 17:47 . 2009-07-09 08:00 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2011-12-17 17:47 . 2009-06-23 08:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-12-17 17:47 . 2009-06-23 08:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-12-17 17:45 . 2011-12-17 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2011-12-15 22:16 . 2011-12-15 22:16 23104 ----a-w- c:\windows\SysWow64\svcprmpt.dll
2011-12-15 17:07 . 2011-12-15 17:07 16384 ----a-w- c:\windows\SysWow64\msdrve.dll
2011-12-15 16:41 . 2011-12-15 17:05 -------- d-----w- c:\programdata\GTPNXTHTESB
2011-12-12 17:40 . 2011-12-12 17:40 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-12-12 17:40 . 2011-12-12 17:40 -------- d-----w- c:\users\John\AppData\Roaming\FixTDSS
2011-12-10 23:52 . 2011-12-11 00:10 -------- d-----w- c:\programdata\RUPNXTHTESB
2011-12-10 23:50 . 2011-12-10 23:50 10816 ----a-w- c:\windows\vmoptver.dll
2011-12-10 23:47 . 2011-12-10 23:47 30976 ----a-w- c:\windows\rascntrl.dll
2011-12-10 23:44 . 2011-12-10 23:44 -------- d-----w- c:\users\John\AppData\Roaming\AweSEM
2011-12-10 23:42 . 2011-12-10 23:42 -------- d-----w- c:\program files (x86)\Alfalfa Team
2011-12-10 23:03 . 2011-12-10 23:35 -------- d-----w- c:\programdata\PUPNXTHTESB
2011-12-10 23:03 . 2011-12-15 16:41 -------- d-----w- c:\program files\BadgeHelp
2011-12-10 19:02 . 2011-12-10 19:05 -------- d-----w- c:\users\John\AppData\Roaming\Tams11
2011-12-10 17:00 . 2011-12-28 19:11 -------- d-----w- c:\users\John\AppData\Local\ElevatedDiagnostics
2011-12-10 04:40 . 2011-12-10 19:02 -------- d-----w- c:\program files (x86)\Tams11
2011-12-10 03:11 . 2011-12-10 03:11 -------- d-----w- C:\VXM
2011-12-10 03:11 . 2011-12-10 03:11 -------- d-----w- C:\Intel
2011-12-09 23:34 . 1998-01-23 17:22 304128 ----a-w- c:\windows\IsUninst.exe
2011-12-07 21:51 . 2011-12-17 18:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 03:50 . 2011-11-15 17:36 125376 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-11-12 18:18 . 2011-11-12 18:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88891995-0F31-4FF6-BCD4-FCE25C7FE44B}\offreg.dll
2011-10-21 15:00 . 2011-10-21 15:00 99024 ----a-w- c:\windows\MozillaUninstall.exe
2011-10-21 15:00 . 2011-10-21 15:00 98512 ----a-w- c:\windows\GREUninstall.exe
2011-10-21 14:52 . 2011-10-21 14:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-07 04:16 . 2011-11-11 20:33 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88891995-0F31-4FF6-BCD4-FCE25C7FE44B}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files (x86)\PageRage\prxtbPage.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\PageRage\prxtbPage.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}]
2011-11-18 07:00 88576 ----a-w- c:\program files\RebateRobot\RebateRobot.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files (x86)\PageRage\prxtbPage.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"=
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-27 378984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}]
2011-11-18 06:59 105472 ----a-w- c:\program files\RebateRobot\RebateRobot-x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCGtime.dll" [2007-02-22 28672]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\0gyx2t4p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PageRage Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q=
FF - user.js: extentions.y2layers.installId - 88825701-c7ff-4e72-bef7-841c1b249970
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-29 22:37:48
ComboFix-quarantined-files.txt 2011-12-30 03:37
ComboFix2.txt 2011-12-20 02:31
.
Pre-Run: 850,123,735,040 bytes free
Post-Run: 850,126,553,088 bytes free
.
- - End Of File - - 90FB5EFB72C3D4508B787CA5F4F44D2F



Removal Log:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\ deleted successfully.
C:\Users\John\AppData\Local\652400e0l875q556u474a6ojs2m2 moved successfully.
C:\ProgramData\652400e0l875q556u474a6ojs2m2 moved successfully.
C:\Users\John\AppData\Local\lirxfx1g3jaq1eks4cqe4b563k4h moved successfully.
C:\ProgramData\lirxfx1g3jaq1eks4cqe4b563k4h moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_222649


Edited by neostar, 29 December 2011 - 10:46 PM.
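The "Reg Loading Points" section of the ComboFix log above is the part a responder reads first: it lists the Run keys and the UAC policy values, and in this log it shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0 and HideSCAHealth set to 1, i.e. UAC switched off and the Action Center warning icon hidden, which is exactly the state a rogue antivirus wants the machine in. The script below is an added example, not part of this thread and not a tool of the BleepingComputer helpers: it parses a handful of lines copied from the log above (embedded as a constructed sample) and flags those values against what are assumed here to be the Windows 7 defaults (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1). The ".dll in a Run entry" check is a triage heuristic, not a verdict.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted above (raw string, so
# the backslashes in registry paths are kept as-is).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCGtime.dll" [2007-02-22 28672]
.
"""

# Assumed Windows 7 defaults for the UAC policy values (assumption, not from the thread).
UAC_EXPECTED = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="c:\path\file.exe" [YYYY-MM-DD size]
FILE_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# "Name"= 0 (0x0)
DWORD_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<value>\d+) \(0x[0-9a-fA-F]+\)$')


def parse_reg_loading_points(text):
    """Return {registry_key: {value_name: value}}.

    File-backed values become dicts with path/date/size; numeric policy
    values become ints. Separator lines ('.', 'REGEDIT4', notes) are skipped.
    """
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, {})
            continue
        if current is None:
            continue
        m = FILE_VALUE_RE.match(line)
        if m:
            entries[current][m.group("name")] = {
                "path": m.group("path"),
                "date": m.group("date"),
                "size": int(m.group("size")),
            }
            continue
        m = DWORD_VALUE_RE.match(line)
        if m:
            entries[current][m.group("name")] = int(m.group("value"))
    return entries


def audit(entries):
    """Return a list of human-readable findings worth a second look."""
    findings = []
    for key, values in entries.items():
        low = key.lower()
        if low.endswith(r"policies\system"):
            for name, expected in UAC_EXPECTED.items():
                if name in values and values[name] != expected:
                    findings.append(f"{name}={values[name]} (expected {expected}) under {key}")
        if low.endswith(r"policies\explorer") and values.get("HideSCAHealth") == 1:
            findings.append(f"HideSCAHealth=1 under {key}: Action Center security warnings are hidden")
        if low.endswith(r"currentversion\run"):
            for name, v in values.items():
                # Heuristic only: a Run value that names a .dll rather than an .exe
                # deserves a look, but is not by itself evidence of malware.
                if isinstance(v, dict) and not v["path"].lower().endswith(".exe"):
                    findings.append(f"Run entry {name!r} points at a non-.exe file {v['path']}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg_loading_points(SAMPLE_LOG)):
        print(finding)
```

Run against the full ComboFix.txt the same parser also picks up the Wow6432Node Run key and the HKCU policy keys, since it keys off the bracketed registry paths rather than fixed line positions.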


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:55 PM

Posted 30 December 2011 - 10:05 AM

Which browser(s) are you getting redirected on?
m0le is a proud member of UNITE

#15 neostar

neostar
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:55 AM

Posted 30 December 2011 - 10:09 AM

Mozilla Firefox. Randomly, when using the internet, it will open a new tab and go to various different websites. It also does it in Google and Yahoo search results.

Sometimes it will also open up a new firefox window with the same sites.

Edited by neostar, 30 December 2011 - 10:21 AM.




