
Internet Connection is ON and OFF


  • This topic is locked
53 replies to this topic

#1 renz07bitang

renz07bitang

  • Members
  • 41 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 24 January 2012 - 03:22 AM

Hi. Please, if anyone can provide me an analysis of this log file, because it's really bugging me out, our internet connection. Here's the situation: I have an internet connection for about 30 minutes to 1 hour, then suddenly our net connection is gone. I already ran a thorough scan with Kaspersky Antivirus 2012 and Malwarebytes and found some malware and trojans, then I immediately removed them, but the same thing is happening till now. We already called the attention of our ISP but they could not solve it; the same thing is happening.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:59:12 PM, on 1/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe
C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Adobe Premiere Pro CS5\32\dynamiclinkmanager.exe
C:\Program Files\Adobe\Adobe Premiere Pro CS5\32\Adobe QT32 Server.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
D:\For Proofing\Eds Output\Mine\Notes\HideWin.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Rex Concerman\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Users\Rex Concerman\AppData\Roaming\Chikka Messenger\Chikka v.5\ChikkaLauncher.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=w7th&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Windows/system32/drivers/etc/proxy
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [HDD Regenerator] C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13821 bytes

Edited by boopme, 26 January 2012 - 08:11 PM.
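The log above is a HijackThis report, and an analyst reads it section by section. As an added example (not code from this thread, from BleepingComputer, or from Trend Micro's tool), here is a small Python triage script that parses that line format and flags the entries a defender checks first: a proxy auto-config URL that points at a local file (the R1 AutoConfigURL entry in this log), a search assistant that points at a known search-hijack host, AppInit_DLLs injection, Winsock LSP layers HijackThis could not identify, and BHO/toolbar registrations whose DLL no longer exists. The sample lines are copied from the log in this post; the KNOWN_HIJACK_HOSTS list and the rule set are this example's own assumptions, not an official signature list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# HijackThis record format: "<section> - <body>", e.g. "O20 - AppInit_DLLs: ...".
RECORD_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Assumed list for this example: hosts behind the search/start-page hijacks seen
# in the log above. A real triage tool would load a maintained list instead.
KNOWN_HIJACK_HOSTS = ("facemoods.com", "conduit.com")


@dataclass
class Finding:
    section: str   # HijackThis section code (R0, O10, ...)
    reason: str    # why a defender should look at it
    detail: str    # the value, path or DLL list the rule matched on


def parse_record(line: str) -> Optional[tuple]:
    """Split one log line into (section, body); None for non-record lines."""
    m = RECORD_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Apply the review rules to one line; None means nothing to flag."""
    rec = parse_record(line)
    if rec is None:
        return None
    section, body = rec
    key, _, value = body.partition(" = ")

    if section in ("R0", "R1"):
        # A PAC file loaded from a local path routes every browser request through
        # a proxy the user never configured; legitimate PACs are served over http(s).
        if "autoconfigurl" in key.lower() and value.lower().startswith("file:"):
            return Finding(section, "proxy auto-config (PAC) loaded from a local file", value)
        host = (urlparse(value).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in KNOWN_HIJACK_HOSTS):
            return Finding(section, f"search/start page points at known hijack host {host}", value)
        return None

    if section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
        # An LSP sits in the Winsock chain of every socket-using program; a broken
        # or malicious layer can drop connectivity outright.
        return Finding(section, "Winsock LSP DLL HijackThis could not identify",
                       body.split(":", 1)[1].strip())

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # HijackThis prints the AppInit_DLLs value space-separated (8.3 paths, so no
        # embedded spaces); each DLL is loaded into every process that links user32.
        dlls = body.split(":", 1)[1].split()
        if dlls:
            return Finding(section, f"AppInit_DLLs injects {len(dlls)} DLL(s) into every user32 process",
                           " ".join(dlls))
        return None

    if section in ("O2", "O3") and body.endswith("(file missing)"):
        # Harmless by itself, but a dangling registration is left over from an
        # incomplete uninstall and is a cheap cleanup item.
        return Finding(section, "BHO/toolbar registration whose DLL is missing", body)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through the rules, collapsing repeated identical hits
    (HijackThis emits one O10 line per LSP layer, so one DLL shows up many times)."""
    findings: List[Finding] = []
    seen = set()
    for line in log_text.splitlines():
        f = triage_line(line)
        if f is None:
            continue
        dedupe_key = (f.section, f.reason, f.detail.lower())
        if dedupe_key not in seen:
            seen.add(dedupe_key)
            findings.append(f)
    return findings


# Sample input: a constructed subset of lines copied from the HijackThis log in this post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=w7th&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Windows/system32/drivers/etc/proxy
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O20 - AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.detail}")
```

The script only orders what to look at; it does not decide what is malicious. The PAC rule is the one most relevant to the symptom in this post, because a proxy setting that points at a local file decides where every browser request goes before the ISP is ever involved.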



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 27 January 2012 - 12:49 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 renz07bitang

renz07bitang
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 27 January 2012 - 06:43 AM

Thanks a lot for the reply, man. Anyway, here is what you instructed me to do.

Here is for DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Rex Concerman at 19:30:21 on 2012-01-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2244 [GMT 8:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtblfs.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mSearchAssistant = hxxp://start.facemoods.com/?a=w7th&s={searchTerms}&f=4
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [<NO NAME>]
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe -Hide
mRun: [HDD Regenerator] C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe
mRun: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: DisableClock = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{74341FAA-ED4C-45A1-B8D9-74BE9D5E2711} : DhcpNameServer = 192.168.0.1
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [(Default)]
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun-x64: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe -Hide
mRun-x64: [HDD Regenerator] C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe
mRun-x64: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rex Concerman\AppData\Roaming\Mozilla\Firefox\Profiles\71a2iuwi.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Users\Rex Concerman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Rex Concerman\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Users\Rex Concerman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Rex Concerman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/16 15:10:23];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 202296]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-20 652872]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2010-10-4 64512]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-14 2358656]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-3 2072896]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-26 05:00:37 -------- d-----w- C:\Program Files (x86)\Singular Software
2012-01-26 00:57:34 -------- d-----w- C:\Users\Rex Concerman\AppData\Roaming\proDAD
2012-01-26 00:57:25 -------- d-----w- C:\Program Files\proDAD
2012-01-25 23:00:26 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7553FF3-B5B4-43D4-8FF4-4FF563FC08D4}\offreg.dll
2012-01-25 22:57:17 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7553FF3-B5B4-43D4-8FF4-4FF563FC08D4}\mpengine.dll
2012-01-21 02:03:42 388096 ----a-r- C:\Users\Rex Concerman\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-21 02:03:42 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-20 11:45:53 -------- d-----w- C:\Users\Rex Concerman\AppData\Roaming\Malwarebytes
2012-01-20 11:45:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-11 13:07:54 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 13:07:53 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 13:07:53 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 13:07:53 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 13:07:51 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 13:07:51 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 13:07:49 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 13:07:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2011-12-10 07:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-01 02:00:30 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-12-01 02:00:30 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-15 06:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-12 11:30:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 09:45:35 0 ----a-w- C:\Windows\System32\uxt97D3.tmp
2011-11-10 09:45:25 0 ----a-w- C:\Windows\System32\uxt71EC.tmp
2011-11-10 09:37:12 0 ----a-w- C:\Windows\System32\uxtEA46.tmp
2011-11-05 08:56:40 91362 ----a-w- C:\ProgramData\1320483180.bdinstall.bin
2011-11-05 07:51:14 149225 ----a-w- C:\ProgramData\1320479302.bdinstall.bin
2011-11-05 07:44:57 15844 ----a-w- C:\ProgramData\1320479088.bdinstall.bin
2011-11-05 07:44:12 472826 ----a-w- C:\ProgramData\1320477756.bdinstall.bin
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-11-02 19:29:26 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2011-11-02 19:29:10 25920 ----a-w- C:\Windows\System32\authuitu.dll
2011-11-02 19:29:08 28992 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-11-02 19:29:08 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
.
============= FINISH: 19:31:43.65 ===============


Here is the Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume7
Install Date: 2/5/2011 10:07:21 AM
System Uptime: 1/27/2012 6:50:02 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3N78-VM
Processor: AMD Phenom™ 9650 Quad-Core Processor | AM2 | 2300/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 78 GiB total, 11.409 GiB free.
D: is FIXED (NTFS) - 155 GiB total, 34.52 GiB free.
E: is FIXED (NTFS) - 68 GiB total, 5.432 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 119.53 GiB free.
G: is FIXED (NTFS) - 154 GiB total, 45.735 GiB free.
H: is FIXED (NTFS) - 154 GiB total, 23.322 GiB free.
I: is FIXED (NTFS) - 43 GiB total, 1.483 GiB free.
J: is CDROM ()
K: is FIXED (NTFS) - 157 GiB total, 12.911 GiB free.
L: is FIXED (NTFS) - 466 GiB total, 13.164 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP259: 1/26/2012 6:56:50 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Add or Remove Adobe Creative Suite 3 Production Premium
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS3 Presets
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Audition CS5.5
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Creative Suite 3 Production Premium
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 5 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS3 Library
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Glyphlet Creation Tool CS3
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Setup
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
AHV content for Acrobat and Flash
AMD VISION Engine Control Center
Apple Software Update
ATI Catalyst Registration
Aurora 3D Animation Maker version 11.12.05
Autorun Virus Remover 3.1
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BearShare
Bias Sound Soap 2 DX RTAS VST v2.01
Bing Bar
BS.Player PRO
Canopus Codec Option
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Chikka Messenger
Conduit Engine
Cool & Quiet
CyberLink PowerDVD 10
Diamond Cut Forensics8
Dropbox
FastStone Image Viewer 4.3
Garena 2010
GenArts Sapphire Plug-ins for After Effects (Team V.R Private Edition)
Google Chrome
Google Talk Plugin
HDD Regenerator
HiJackThis
Internet Download Manager
Java Auto Updater
Java™ 6 Update 29
Kaspersky Anti-Virus 2012
Levelator
Lyrics Plugin for Windows Media Player
Magic Bullet Colorista II 64 Bit
Magic Bullet Looks
Magic Bullet Looks PPro
Magic Bullet PhotoLooks for Photoshop 64 bit
Malwarebytes Anti-Malware version 1.60.0.1800
MediaBar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MiniTool Partition Wizard Home Edition 5.2
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed™ Hot Pursuit
NewBlue Video Essentials for Windows
NewBlue Video Essentials III for Windows
NVIDIA ForceWare Network Access Manager
PDF Settings
PDF Settings CS5
Perfectly Clear Plugin 1.5.5
Photoshop Camera Raw
Pixel Bender Toolkit
Platform
PluralEyes® 1.2.10 for Premiere® Pro
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
PxMergeModule
QuickTime
Revo Uninstaller 1.93
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.5
SpiceMASTER 2.5 Premiere
Suite Shared Configuration CS4
TeamViewer 6
The Lord of the Rings FREE Trial
Total Video Converter 3.50
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
Veoh Giraffic Video Accelerator
Veoh Web Player
VIA Platform Device Manager
VirtualCloneDrive
VLC media player 1.1.11
Xfire (remove only)
YouSendIt Express
.
==== Event Viewer Messages From Past Week ========
.
1/27/2012 6:50:33 PM, Error: Service Control Manager [7000] - The Hardlock service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
1/27/2012 6:50:20 PM, Error: Service Control Manager [7000] - The UAC File Virtualization service failed to start due to the following error: The system cannot find the file specified.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/26/2012 7:03:22 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
1/26/2012 6:29:05 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/24/2012 10:33:57 AM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/24/2012 10:16:29 AM, Error: NetBT [4321] - The name "LASERWRITER :1d" could not be registered on the interface with IP address 192.168.0.100. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
1/20/2012 7:54:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
.
==== End Of File ===========================


And here is another situation with my problem. When I don't have an internet connection after 30 minutes to 1 hour, what I did is turn off our router for about 1-2 minutes, then turn the router on, then boom, the internet connection is back. But the same problem is happening all the time. Is it possible that our router is damaged, or that it has a virus or something that is blocking the net from passing through to our hub? Really appreciate your help, Gringo.
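The "Event Viewer Messages" section of the Attach.txt above is the part of this log that speaks most directly to the connectivity symptom, so here is a small triage script for it. This is an added example for this thread, not code from the original posts and not part of DDS, HijackThis or ComboFix; the function names are the example's own. It parses the Service Control Manager 7031/7032 and NetBT 4321 lines, groups service crashes by the second they occurred in, and pulls out the DHCP Client incidents and NetBIOS name conflicts. The sample input is the poster's own event lines, re-joined onto single lines as DDS writes them.

```python
"""Triage helpers for the "Event Viewer Messages" section of a DDS Attach.txt.

Added example for this thread: not part of the original posts and not code from
DDS, HijackThis or ComboFix. Function names are the example's own.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the poster's own event lines from the Attach.txt
# above, re-joined onto one line each (the forum wrapped them).
SAMPLE_EVENTS = """\
1/27/2012 6:50:33 PM, Error: Service Control Manager [7000] - The Hardlock service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
1/27/2012 6:50:20 PM, Error: Service Control Manager [7000] - The UAC File Virtualization service failed to start due to the following error: The system cannot find the file specified.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/27/2012 5:23:54 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/26/2012 7:03:22 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
1/26/2012 6:29:05 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/24/2012 10:33:57 AM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/24/2012 10:16:29 AM, Error: NetBT [4321] - The name "LASERWRITER :1d" could not be registered on the interface with IP address 192.168.0.100. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
1/20/2012 7:54:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
"""

# DDS writes: "<m/d/yyyy h:mm:ss AM|PM>, <Level>: <Source> [<EventID>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
CRASH_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
RESTART_FAIL_RE = re.compile(r"unexpected termination of the (?P<svc>.+?) service,")
NETBT_RE = re.compile(
    r'The name "(?P<name>[^"]+)" could not be registered on the interface with IP address '
    r"(?P<local>[\d.]+)\. The computer with the IP address (?P<peer>[\d.]+) did not allow"
)


def parse_events(text):
    """Return one dict per event line: ts (datetime), level, source, event_id (int), msg."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # section separators, blank lines, wrapped continuations
        events.append({
            "ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "msg": m["msg"],
        })
    return events


def crash_clusters(events, min_size=2):
    """Group SCM 7031 crashes by timestamp. Several services dying in the same
    second usually means one shared host process (an svchost.exe) went down."""
    by_ts = defaultdict(list)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["event_id"] == 7031:
            m = CRASH_RE.match(ev["msg"])
            if m:
                by_ts[ev["ts"]].append(m["svc"])
    return [(ts, sorted(svcs)) for ts, svcs in sorted(by_ts.items()) if len(svcs) >= min_size]


def dhcp_incidents(events):
    """Timestamps at which the DHCP Client service crashed (7031) or its automatic
    restart failed (7032): each is a moment the machine cannot renew its lease."""
    hits = set()
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        if ev["event_id"] == 7031:
            m = CRASH_RE.match(ev["msg"])
        elif ev["event_id"] == 7032:
            m = RESTART_FAIL_RE.search(ev["msg"])
        else:
            continue
        if m and m["svc"] == "DHCP Client":
            hits.add(ev["ts"])
    return sorted(hits)


def netbt_conflicts(events):
    """NetBT 4321: (name, our IP, peer IP) where another LAN host already owns the name."""
    out = []
    for ev in events:
        if ev["source"] == "NetBT" and ev["event_id"] == 4321:
            m = NETBT_RE.search(ev["msg"])
            if m:
                out.append((m["name"], m["local"], m["peer"]))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for ts, svcs in crash_clusters(evs):
        print(ts, "->", ", ".join(svcs))
    print("DHCP incidents:", dhcp_incidents(evs))
    print("NetBT conflicts:", netbt_conflicts(evs))
```

Run against the poster's lines, the 5:23:54 PM cluster comes out as five services (DHCP Client, Security Center, TCP/IP NetBIOS Helper, Windows Audio, Windows Event Log) terminating in the same second. On Windows 7 those services normally share one svchost.exe instance (the LocalServiceNetworkRestricted group), so a single host-process crash accounts for all five events, and a dead DHCP Client cannot renew the machine's lease, which fits the "internet disappears until the router is power-cycled" symptom better than a faulty router would. `tasklist /svc` on the affected machine shows which svchost hosts them; the NetBT 4321 line is a separate issue (a LAN peer at 192.168.0.102 already owns the name), not a cause of the drop-outs.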

#4 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Location: Puerto Rico)

Posted 27 January 2012 - 07:35 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Location: Puerto Rico)

Posted 29 January 2012 - 11:46 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 renz07bitang (Topic Starter; Members; 41 posts)

Posted 30 January 2012 - 02:24 AM

Sorry for the late reply, Gringo. I've been very busy these past few days; I had a wedding coverage for 4 days straight. Anyway, here's what you told me to do.


ComboFix 12-01-29.02 - Rex Concerman 01/30/2012 13:51:02.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2363 [GMT 8:00]
Running from: c:\users\Rex Concerman\Desktop\Troubleshooting\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe
c:\windows\SysWow64\cc32100mt.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 06:00 . 2012-01-30 06:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 04:58 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BC102BD-655B-4A4B-B0EA-23E0BDAC3993}\mpengine.dll
2012-01-26 05:00 . 2012-01-26 05:00 -------- d-----w- c:\program files (x86)\Singular Software
2012-01-26 00:57 . 2012-01-26 00:57 -------- d-----w- c:\users\Rex Concerman\AppData\Roaming\proDAD
2012-01-26 00:57 . 2012-01-26 00:57 -------- d-----w- c:\program files\proDAD
2012-01-21 02:03 . 2012-01-21 02:03 388096 ----a-r- c:\users\Rex Concerman\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-21 02:03 . 2012-01-21 02:03 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-20 11:45 . 2012-01-20 11:45 -------- d-----w- c:\users\Rex Concerman\AppData\Roaming\Malwarebytes
2012-01-20 11:45 . 2012-01-20 11:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-11 13:07 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 13:07 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:07 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 13:07 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 13:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 13:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-06 09:13 . 2012-01-06 09:13 -------- d-----w- c:\users\MARCO POLO HOTEL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 07:24 . 2011-09-19 07:43 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 02:39 . 2011-02-04 11:51 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-01 02:00 . 2011-12-01 02:00 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-12-01 02:00 . 2011-12-01 02:00 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2011-11-24 04:52 . 2011-12-14 06:11 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-12 11:30 . 2011-11-11 12:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 09:45 . 2011-11-10 09:45 0 ----a-w- c:\windows\system32\uxt97D3.tmp
2011-11-10 09:45 . 2011-11-10 09:45 0 ----a-w- c:\windows\system32\uxt71EC.tmp
2011-11-10 09:37 . 2011-11-10 09:37 0 ----a-w- c:\windows\system32\uxtEA46.tmp
2011-11-05 08:56 . 2011-11-05 08:56 91362 ----a-w- c:\programdata\1320483180.bdinstall.bin
2011-11-05 07:51 . 2011-11-05 07:51 149225 ----a-w- c:\programdata\1320479302.bdinstall.bin
2011-11-05 07:44 . 2011-11-05 07:44 15844 ----a-w- c:\programdata\1320479088.bdinstall.bin
2011-11-05 07:44 . 2011-11-05 07:44 472826 ----a-w- c:\programdata\1320477756.bdinstall.bin
2011-11-05 05:32 . 2011-12-14 06:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 06:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 14:29 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 14:29 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 14:29 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 14:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 14:29 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 14:29 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 14:29 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 14:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-02 19:29 . 2011-11-10 09:42 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-11-02 19:29 . 2011-02-08 05:12 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-11-02 19:29 . 2011-02-08 05:12 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-11-02 19:29 . 2011-02-08 05:12 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 05:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-06-01 18:28 1236400 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 05:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-05-30 13:48 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-08-04 2757960]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-13 3437976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"AutorunRemover.exe"="c:\program files (x86)\AutorunRemover\AutorunRemover.exe" [2011-04-22 1806848]
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe" [2007-03-29 151552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"DATAMNGR"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
"BDRegion"=c:\program files (x86)\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\REXCON~1\AppData\Local\Temp\003AEE1.tmp [x]
R3 X6va005;X6va005;c:\users\REXCON~1\AppData\Local\Temp\005F98C.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/16 15:10];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 13:29 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-23 55424]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-10-04 64512]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-02 2072896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319045090-2871250657-2698756511-1000Core.job
- c:\users\Rex Concerman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 20:06]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319045090-2871250657-2698756511-1000UA.job
- c:\users\Rex Concerman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 20:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-06-01 18:28 1793456 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rex Concerman\AppData\Roaming\Mozilla\Firefox\Profiles\71a2iuwi.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-HDD Regenerator - c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe
SafeBoot-ksupmgr
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\REXCON~1\AppData\Local\Temp\003AEE1.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\REXCON~1\AppData\Local\Temp\005F98C.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆÈ21kle a]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆÈ21kle a\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆÈ21kle a]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,52,65,78,20,43,6f,6e,63,65,72,6d,61,6e,5c,
44,6f,77,6e,6c,6f,61,64,73,5c,56,69,64,65,6f,5c,69,6e,74,69,6d,61,74,65,5f,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a4,c9,8d,84,bd,73,92,fa,b5,38,92,29,53,06,8e,08,98,8a,78,b2,68,
0f,29,ee,88,18,60,f5,aa,c7,49,ae,2f,72,a3,6c,7a,31,f1,2a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000_Classes\Wow6432Node\CLSID\{87d5ad4e-e321-4e21-8c90-a93f9ab0fde3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006b
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{09FDDD56-E268-8EA1-B787-4D14E7E069D2}\InProcServer32*]
"jababhjbhngdhbihmfdj"=hex:6a,61,61,6c,6d,6f,61,6b,68,65,6c,66,69,6a,6d,6c,6c,
70,67,68,00,fc
"iabalhdbknfdmebnpm"=hex:6a,61,61,6c,6d,6f,61,6b,68,65,6c,66,69,6a,6d,6c,6c,70,
67,68,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E094A42E-E8DA-9660-0B9B-F1BB2B4EA881}\InProcServer32*]
"jaeomfcddmmnemcbebfi"=hex:6a,61,68,6c,66,62,6f,61,70,67,63,65,68,66,66,67,6f,
64,62,70,00,fc
"iaeogpphdhhkdmlojn"=hex:6a,61,68,6c,66,62,6f,61,70,67,63,65,68,66,66,67,6f,64,
62,70,00,fc
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-30 14:03:51
ComboFix-quarantined-files.txt 2012-01-30 06:03
.
Pre-Run: 10,788,278,272 bytes free
Post-Run: 11,450,261,504 bytes free
.
- - End Of File - - 11A3E8925FD1C38C625B678EB6D4C7C1


Observing now the result after running ComboFix. Anyway, can you pinpoint to me in that log file the malware or anything that is blocking my net connection? If it's OK with you.
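
The question above is the one a responder answers by scanning the "Reg Loading Points", services and "Supplementary Scan" sections for a handful of patterns: DLLs forced into every process via AppInit_DLLs, a service or driver whose image lives under a user's Temp folder, a Winsock LSP (a broken LSP chain is a classic cause of "the connection just dies" reports), Security Center monitoring switched off, and a DHCP-assigned DNS server that is not on the LAN. The script below is an added example, not a ComboFix or BleepingComputer tool, and its rule names and severities are my own; the sample log is a constructed extract modelled on the shape of lines in the log above, not the full log.

```python
"""Triage a ComboFix-style log for persistence and network hooks.

Added example for this thread; not a ComboFix or BleepingComputer tool.
The rules encode what a responder checks first in the sections the poster
pasted. Severities and rule names are this example's own convention.
"""
import ipaddress
import re
from typing import Dict, List

Finding = Dict[str, str]

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "Name"=value
# ComboFix service/driver line: <start> <name>;<display>;<image> [<date size> | x]
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
TEMP_RE = re.compile(r"\\temp\\|\.tmp$", re.IGNORECASE)

# Constructed sample, modelled on lines from the log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 X6va003;X6va003;c:\users\REXCON~1\AppData\Local\Temp\003AEE1.tmp [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
.
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.0.1
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\REXCON~1\AppData\Local\Temp\003AEE1.tmp"
"""


def _finding(severity: str, kind: str, detail: str) -> Finding:
    return {"severity": severity, "kind": kind, "detail": detail}


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and return the findings a responder would flag."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue

        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2).strip().strip('"')
            if name == "appinit_dlls" and value:
                # Each DLL listed here is mapped into every process that loads
                # user32.dll (on Windows 7 only while LoadAppInit_DLLs is 1).
                for dll in value.split():
                    findings.append(_finding("high", "appinit_dll", dll))
            elif name == "imagepath" and "\\services\\" in current_key and TEMP_RE.search(value):
                findings.append(_finding("high", "service_in_temp", value))
            elif name == "disablemonitoring" and "security center" in current_key and value.endswith("1"):
                findings.append(_finding("info", "securitycenter_monitoring_off",
                                         current_key.rsplit("\\", 1)[-1]))
            continue

        m = SERVICE_RE.match(line)
        if m:
            _start, svc, _display, image, stamp = m.groups()
            if TEMP_RE.search(image):
                findings.append(_finding("high", "service_in_temp", f"{svc}: {image}"))
            elif stamp == "x":
                # ComboFix printed no date/size for the image: verify it by hand.
                findings.append(_finding("low", "service_unverified_image", f"{svc}: {image}"))
            continue

        if line.startswith("LSP:"):
            # A Winsock LSP sits in the path of every socket; a removed or
            # corrupt LSP DLL breaks connectivity for the whole machine.
            findings.append(_finding("medium", "winsock_lsp", line[4:].strip()))
        elif line.startswith("TCP: DhcpNameServer"):
            server = line.split("=", 1)[1].strip()
            try:
                private = ipaddress.ip_address(server).is_private
            except ValueError:
                private = False          # not even an IP address: flag it
            if not private:
                findings.append(_finding("high", "dns_not_private", server))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a long log can be eyeballed quickly."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']:30} {f['detail']}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script reports the two BearShare Datamngr DLLs in AppInit_DLLs, the X6va003 image in the user's Temp folder (from both the service line and its ImagePath value), the NVIDIA LSP, the unverified Kaspersky driver image, and the Security Center monitoring flag; the 192.168.0.1 DNS server is on the LAN and produces nothing. The DNS rule uses Python's `is_private`, which covers more than the RFC 1918 ranges, so a hit there means "not a LAN address" rather than "malicious".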

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 30 January 2012 - 02:57 AM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 renz07bitang

renz07bitang
  • Topic Starter

  • Members
  • 41 posts
  • Local time:02:26 AM

Posted 30 January 2012 - 05:01 AM

Should I run it now? Because right now I'm still observing if there is a good result after running ComboFix. And one thing: should I run this while the internet connection is OK, or when the problem occurs?

Edited by renz07bitang, 30 January 2012 - 05:44 AM.


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 30 January 2012 - 06:27 AM

Go ahead and run it. It will make no changes, and if I see something that needs to be changed I will go ahead and do it.


gringo

#10 renz07bitang

renz07bitang
  • Topic Starter

  • Members
  • 41 posts
  • Local time:02:26 AM

Posted 30 January 2012 - 09:27 PM

Done gringo.

Farbar Service Scanner Version: 18-01-2012 01
Ran by Rex Concerman (administrator) on 31-01-2012 at 10:24:49
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 30 January 2012 - 09:44 PM

That looks good



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image omitted: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 renz07bitang

renz07bitang
  • Topic Starter

  • Members
  • 41 posts
  • Local time:02:26 AM

Posted 30 January 2012 - 10:35 PM

Here it is gringo.

ComboFix 12-01-30.02 - Rex Concerman 01/31/2012 11:01:54.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2305 [GMT 8:00]
Running from: c:\users\Rex Concerman\Desktop\Troubleshooting\ComboFix.exe
Command switches used :: c:\users\Rex Concerman\Desktop\Troubleshooting\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 03:11 . 2012-01-31 03:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 03:11 . 2012-01-31 03:11 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-01-29 04:58 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BC102BD-655B-4A4B-B0EA-23E0BDAC3993}\mpengine.dll
2012-01-26 05:00 . 2012-01-26 05:00 -------- d-----w- c:\program files (x86)\Singular Software
2012-01-26 00:57 . 2012-01-26 00:57 -------- d-----w- c:\users\Rex Concerman\AppData\Roaming\proDAD
2012-01-26 00:57 . 2012-01-26 00:57 -------- d-----w- c:\program files\proDAD
2012-01-21 02:03 . 2012-01-21 02:03 388096 ----a-r- c:\users\Rex Concerman\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-21 02:03 . 2012-01-21 02:03 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-20 11:45 . 2012-01-20 11:45 -------- d-----w- c:\users\Rex Concerman\AppData\Roaming\Malwarebytes
2012-01-20 11:45 . 2012-01-20 11:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-11 13:07 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 13:07 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:07 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 13:07 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 13:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 13:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-06 09:13 . 2012-01-30 06:03 -------- d-----w- c:\users\MARCO POLO HOTEL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 07:24 . 2011-09-19 07:43 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 02:39 . 2011-02-04 11:51 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-01 02:00 . 2011-12-01 02:00 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-12-01 02:00 . 2011-12-01 02:00 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2011-11-24 04:52 . 2011-12-14 06:11 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-12 11:30 . 2011-11-11 12:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 09:45 . 2011-11-10 09:45 0 ----a-w- c:\windows\system32\uxt97D3.tmp
2011-11-10 09:45 . 2011-11-10 09:45 0 ----a-w- c:\windows\system32\uxt71EC.tmp
2011-11-10 09:37 . 2011-11-10 09:37 0 ----a-w- c:\windows\system32\uxtEA46.tmp
2011-11-05 08:56 . 2011-11-05 08:56 91362 ----a-w- c:\programdata\1320483180.bdinstall.bin
2011-11-05 07:51 . 2011-11-05 07:51 149225 ----a-w- c:\programdata\1320479302.bdinstall.bin
2011-11-05 07:44 . 2011-11-05 07:44 15844 ----a-w- c:\programdata\1320479088.bdinstall.bin
2011-11-05 07:44 . 2011-11-05 07:44 472826 ----a-w- c:\programdata\1320477756.bdinstall.bin
2011-11-05 05:32 . 2011-12-14 06:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 06:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 14:29 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 14:29 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 14:29 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 14:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 14:29 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 14:29 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 14:29 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 14:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-02 19:29 . 2011-11-10 09:42 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-11-02 19:29 . 2011-02-08 05:12 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-11-02 19:29 . 2011-02-08 05:12 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-11-02 19:29 . 2011-02-08 05:12 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-30_06.00.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-04 10:25 . 2012-01-30 06:08 84572 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-31 02:16 33780 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-04 10:16 . 2012-01-31 02:16 16896 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1319045090-2871250657-2698756511-1000_UserData.bin
- 2012-01-30 02:14 . 2012-01-30 05:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-30 06:06 . 2012-01-31 02:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-30 02:14 . 2012-01-30 05:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-30 06:06 . 2012-01-31 02:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-25 05:19 . 2012-01-30 06:05 8131584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-01-18 04:09 1503248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-30 06:05 1503248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-23 11:55 . 2012-01-30 06:05 19186528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1319045090-2871250657-2698756511-1000-8192.dat
- 2011-05-23 11:55 . 2012-01-18 04:09 19186528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1319045090-2871250657-2698756511-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 05:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-06-01 18:28 1236400 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 05:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-05-30 13:48 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-08-04 2757960]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-13 3437976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"AutorunRemover.exe"="c:\program files (x86)\AutorunRemover\AutorunRemover.exe" [2011-04-22 1806848]
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe" [2007-03-29 151552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"DATAMNGR"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
"BDRegion"=c:\program files (x86)\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\REXCON~1\AppData\Local\Temp\003AEE1.tmp [x]
R3 X6va005;X6va005;c:\users\REXCON~1\AppData\Local\Temp\005F98C.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/16 15:10];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 13:29 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-23 55424]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-10-04 64512]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-02 2072896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319045090-2871250657-2698756511-1000Core.job
- c:\users\Rex Concerman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 20:06]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319045090-2871250657-2698756511-1000UA.job
- c:\users\Rex Concerman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 20:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-06-01 18:28 1793456 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rex Concerman\AppData\Roaming\Mozilla\Firefox\Profiles\71a2iuwi.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\REXCON~1\AppData\Local\Temp\003AEE1.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\REXCON~1\AppData\Local\Temp\005F98C.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆÈ21kle a]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆÈ21kle a\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆÈ21kle a]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,52,65,78,20,43,6f,6e,63,65,72,6d,61,6e,5c,
44,6f,77,6e,6c,6f,61,64,73,5c,56,69,64,65,6f,5c,69,6e,74,69,6d,61,74,65,5f,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a4,c9,8d,84,bd,73,92,fa,b5,38,92,29,53,06,8e,08,98,8a,78,b2,68,
0f,29,ee,88,18,60,f5,aa,c7,49,ae,2f,72,a3,6c,7a,31,f1,2a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000_Classes\Wow6432Node\CLSID\{87d5ad4e-e321-4e21-8c90-a93f9ab0fde3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006b
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{09FDDD56-E268-8EA1-B787-4D14E7E069D2}\InProcServer32*]
"jababhjbhngdhbihmfdj"=hex:6a,61,61,6c,6d,6f,61,6b,68,65,6c,66,69,6a,6d,6c,6c,
70,67,68,00,fc
"iabalhdbknfdmebnpm"=hex:6a,61,61,6c,6d,6f,61,6b,68,65,6c,66,69,6a,6d,6c,6c,70,
67,68,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E094A42E-E8DA-9660-0B9B-F1BB2B4EA881}\InProcServer32*]
"jaeomfcddmmnemcbebfi"=hex:6a,61,68,6c,66,62,6f,61,70,67,63,65,68,66,66,67,6f,
64,62,70,00,fc
"iaeogpphdhhkdmlojn"=hex:6a,61,68,6c,66,62,6f,61,70,67,63,65,68,66,66,67,6f,64,
62,70,00,fc
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-31 11:14:20
ComboFix-quarantined-files.txt 2012-01-31 03:14
ComboFix2.txt 2012-01-30 06:03
.
Pre-Run: 12,045,799,424 bytes free
Post-Run: 11,719,315,456 bytes free
.
- - End Of File - - 1FC0B3A4C11857C1E17BE21A4D46A729

Anyway gringo, something weird happened to my net while running combofix. My net connection was lost, so I did take the initiative to run FSS, thinking it might help. Here it is:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Rex Concerman (administrator) on 31-01-2012 at 11:17:04
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 11:28 PM

FSS looks good. Restart the computer and check the internet.

If it still does not work, run combofix once more.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#14 renz07bitang

renz07bitang
  • Topic Starter

  • Members
  • 41 posts

Posted 31 January 2012 - 12:22 AM

Got a serious problem, gringo. After that last run of combofix some of my programs won't work, and I'm experiencing slowdown on my Adobe Premiere CS5, and my PowerDirector Express got an error saying "Runtime error". Anyway, I'll run combofix again.

#15 renz07bitang

renz07bitang
  • Topic Starter

  • Members
  • 41 posts

Posted 31 January 2012 - 12:50 AM

Done running combofix. Observing results now. Below is the log of the last combofix run.

ComboFix 12-01-30.02 - Rex Concerman 01/31/2012 13:25:23.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2767 [GMT 8:00]
Running from: c:\users\Rex Concerman\Desktop\Troubleshooting\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 05:34 . 2012-01-31 05:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 05:34 . 2012-01-31 05:34 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-01-29 04:58 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BC102BD-655B-4A4B-B0EA-23E0BDAC3993}\mpengine.dll
2012-01-26 05:00 . 2012-01-26 05:00 -------- d-----w- c:\program files (x86)\Singular Software
2012-01-26 00:57 . 2012-01-26 00:57 -------- d-----w- c:\users\Rex Concerman\AppData\Roaming\proDAD
2012-01-26 00:57 . 2012-01-26 00:57 -------- d-----w- c:\program files\proDAD
2012-01-21 02:03 . 2012-01-21 02:03 388096 ----a-r- c:\users\Rex Concerman\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-21 02:03 . 2012-01-21 02:03 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-20 11:45 . 2012-01-20 11:45 -------- d-----w- c:\users\Rex Concerman\AppData\Roaming\Malwarebytes
2012-01-20 11:45 . 2012-01-20 11:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-11 13:07 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 13:07 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:07 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 13:07 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 13:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 13:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-06 09:13 . 2012-01-30 06:03 -------- d-----w- c:\users\MARCO POLO HOTEL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 07:24 . 2011-09-19 07:43 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 02:39 . 2011-02-04 11:51 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-01 02:00 . 2011-12-01 02:00 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-12-01 02:00 . 2011-12-01 02:00 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2011-11-24 04:52 . 2011-12-14 06:11 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-12 11:30 . 2011-11-11 12:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 09:45 . 2011-11-10 09:45 0 ----a-w- c:\windows\system32\uxt97D3.tmp
2011-11-10 09:45 . 2011-11-10 09:45 0 ----a-w- c:\windows\system32\uxt71EC.tmp
2011-11-10 09:37 . 2011-11-10 09:37 0 ----a-w- c:\windows\system32\uxtEA46.tmp
2011-11-05 08:56 . 2011-11-05 08:56 91362 ----a-w- c:\programdata\1320483180.bdinstall.bin
2011-11-05 07:51 . 2011-11-05 07:51 149225 ----a-w- c:\programdata\1320479302.bdinstall.bin
2011-11-05 07:44 . 2011-11-05 07:44 15844 ----a-w- c:\programdata\1320479088.bdinstall.bin
2011-11-05 07:44 . 2011-11-05 07:44 472826 ----a-w- c:\programdata\1320477756.bdinstall.bin
2011-11-05 05:32 . 2011-12-14 06:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 06:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 14:29 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 14:29 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 14:29 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 14:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 14:29 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 14:29 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 14:29 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 14:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-02 19:29 . 2011-11-10 09:42 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-11-02 19:29 . 2011-02-08 05:12 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-11-02 19:29 . 2011-02-08 05:12 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-11-02 19:29 . 2011-02-08 05:12 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-30_06.00.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-04 10:25 . 2012-01-31 05:11 84588 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-31 05:11 33844 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-04 10:16 . 2012-01-31 05:11 16896 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1319045090-2871250657-2698756511-1000_UserData.bin
+ 2012-01-31 05:10 . 2012-01-31 05:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-30 02:14 . 2012-01-30 05:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-30 02:14 . 2012-01-30 05:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-31 05:10 . 2012-01-31 05:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-25 05:19 . 2012-01-30 06:05 8131584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-01-18 04:09 1503248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-31 04:52 1503248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-23 11:55 . 2012-01-31 04:52 19220252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1319045090-2871250657-2698756511-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 05:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-06-01 18:28 1236400 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 05:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-05-30 13:48 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-08-04 2757960]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-13 3437976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"AutorunRemover.exe"="c:\program files (x86)\AutorunRemover\AutorunRemover.exe" [2011-04-22 1806848]
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe" [2007-03-29 151552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"DATAMNGR"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
"BDRegion"=c:\program files (x86)\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\REXCON~1\AppData\Local\Temp\003AEE1.tmp [x]
R3 X6va005;X6va005;c:\users\REXCON~1\AppData\Local\Temp\005F98C.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/16 15:10];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 13:29 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-23 55424]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-10-04 64512]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-02 2072896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319045090-2871250657-2698756511-1000Core.job
- c:\users\Rex Concerman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 20:06]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319045090-2871250657-2698756511-1000UA.job
- c:\users\Rex Concerman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 20:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-06-01 18:28 1793456 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Rex Concerman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rex Concerman\AppData\Roaming\Mozilla\Firefox\Profiles\71a2iuwi.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\REXCON~1\AppData\Local\Temp\003AEE1.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\REXCON~1\AppData\Local\Temp\005F98C.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆÈ21kle a]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆÈ21kle a\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆÈ21kle a]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,52,65,78,20,43,6f,6e,63,65,72,6d,61,6e,5c,
44,6f,77,6e,6c,6f,61,64,73,5c,56,69,64,65,6f,5c,69,6e,74,69,6d,61,74,65,5f,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a4,c9,8d,84,bd,73,92,fa,b5,38,92,29,53,06,8e,08,98,8a,78,b2,68,
0f,29,ee,88,18,60,f5,aa,c7,49,ae,2f,72,a3,6c,7a,31,f1,2a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1319045090-2871250657-2698756511-1000_Classes\Wow6432Node\CLSID\{87d5ad4e-e321-4e21-8c90-a93f9ab0fde3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006b
"Therad"=dword:00000011
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{09FDDD56-E268-8EA1-B787-4D14E7E069D2}\InProcServer32*]
"jababhjbhngdhbihmfdj"=hex:6a,61,61,6c,6d,6f,61,6b,68,65,6c,66,69,6a,6d,6c,6c,
70,67,68,00,fc
"iabalhdbknfdmebnpm"=hex:6a,61,61,6c,6d,6f,61,6b,68,65,6c,66,69,6a,6d,6c,6c,70,
67,68,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E094A42E-E8DA-9660-0B9B-F1BB2B4EA881}\InProcServer32*]
"jaeomfcddmmnemcbebfi"=hex:6a,61,68,6c,66,62,6f,61,70,67,63,65,68,66,66,67,6f,
64,62,70,00,fc
"iaeogpphdhhkdmlojn"=hex:6a,61,68,6c,66,62,6f,61,70,67,63,65,68,66,66,67,6f,64,
62,70,00,fc
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-31 13:37:52
ComboFix-quarantined-files.txt 2012-01-31 05:37
ComboFix2.txt 2012-01-31 03:14
ComboFix3.txt 2012-01-30 06:03
.
Pre-Run: 12,323,016,704 bytes free
Post-Run: 11,758,673,920 bytes free
.
- - End Of File - - 8C2324D4702C12F018BC94FA3C0456BD