Win XP SP3 sluggish - unknown startup DLL rqst


  • This topic is locked
6 replies to this topic

#1 MrMark52

MrMark52

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:00 AM

Posted 12 September 2012 - 04:53 PM

Machine has gotten sluggish over the past weeks. Am also having problems with Windows Explorer freezing up/crashing which resets the order of my TaskBar. I usually have to get to the Task Manager to unfreeze and shut the application down. And I also noticed just last week that the font in Windows Explorer was changed as it is on any "Open" or "Save" windows such as when doing so with MSWord or Excel, Adobe, AutoCAD or any other saved document.

(I think the 'puter may have chicken flu or something.)

I did run an up to date Malwarebytes yesterday, although did not do so in safe mode. Listing below is most current and nothing has been done since it was created.

Current HiJack this log below - Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:26:05 PM, on 9/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Brother\Web BRAdmin\cgi-bin\wbaagent.exe
C:\Program Files\Brother\Web BRAdmin\cgi-bin\agentrcv.exe
C:\Program Files\Brother\Web BRAdmin\cgi-bin\wbatimer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={ECB7E740-FD93-4C35-A716-FC47851D656D}&mid=c26bf0145c0b47d1b825d15c83bc0c6b-2118f12f2cd8d20e354481a8515c4ca848e4f35e&lang=en&ds=pp012&pr=sa&d=2012-06-18 13:12:54&v=11.1.0.7&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Markie\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247002181739
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\22630~1.40\{16cdf~1\browse~1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\BROWSEUI.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\BROWSEUI.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Brother BRAgent Service (WBA_Agent_Client_Service) - Unknown owner - C:\Program Files\Brother\Web BRAdmin\cgi-bin\wbaagent.exe
O23 - Service: BRAgent Receiver (WBA_Agent_Receiver) - Unknown owner - C:\Program Files\Brother\Web BRAdmin\cgi-bin\agentrcv.exe
O23 - Service: Brother Web BRAdmin Scheduler (WBA_Scheduler) - Unknown owner - C:\Program Files\Brother\Web BRAdmin\cgi-bin\wbatimer.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13561 bytes
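
An added example, not code from the post above or from HijackThis: a short Python triage pass over a HijackThis 2.0.x log that pulls out the entry types a responder reads first. The heuristics are this script's own assumptions (non-empty O20 AppInit_DLLs, O23 services with no vendor string that run from a profile directory or whose binary is reported missing, O4 autoruns launched from a profile directory, R0/R1 Internet Explorer pages that are not Microsoft defaults), and the sample lines are constructed in the format of the log posted above. The one mechanism it relies on is a documented Windows behaviour: every DLL listed in AppInit_DLLs is loaded into each process that loads user32.dll, which is why an O20 entry deserves attention regardless of what the file is.

```python
"""Triage a HijackThis 2.0.x log for the entries a responder reads first.

Added example: not code from the thread or from HijackThis. The heuristics
below are this script's own assumptions, not HijackThis rules.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# Profile and Application Data locations, including the 8.3 short forms
# HijackThis prints for AppInit_DLLs (docume~1, applic~1).
PROFILE_RE = re.compile(
    r"(?i)documents and settings|application data|\\docume~1\\|\\applic~1\\|\\appdata\\"
)
SHORT83_RE = re.compile(r"~\d")
MS_DEFAULT_RE = re.compile(r"(?i)^https?://(go|www)\.microsoft\.com/")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the log lines worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.group("code"), m.group("body")

        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            if value.lower().startswith("http") and not MS_DEFAULT_RE.match(value):
                setting = key.rsplit(",", 1)[-1]
                findings.append(Finding(code, f"IE {setting} points at a non-default URL", line))

        elif code == "O4" and PROFILE_RE.search(body):
            findings.append(Finding(code, "autorun launched from a profile directory; verify the publisher", line))

        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                reason = "AppInit_DLLs is non-empty; the DLL is injected into every user32 process"
                if SHORT83_RE.search(dlls) or PROFILE_RE.search(dlls):
                    reason += " and the path is 8.3-mangled or under a profile directory"
                findings.append(Finding(code, reason, line))

        elif code == "O23":
            # "Service: <display name> - <vendor> - <path>"
            parts = body.split(" - ")
            if len(parts) >= 3:
                vendor, path = parts[1], " - ".join(parts[2:])
                if vendor == "Unknown owner" and PROFILE_RE.search(path):
                    findings.append(Finding(code, "service with no vendor string running from a profile directory", line))
                elif path.endswith("(file missing)"):
                    findings.append(Finding(code, "service entry whose binary is missing (orphaned or removed)", line))
    return findings


# Constructed sample: a handful of lines in the format of the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={ECB7E740-FD93-4C35-A716-FC47851D656D}&lang=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Markie\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\22630~1.40\{16cdf~1\browse~1.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run it against a saved hijackthis.log by passing the file contents to triage(). On XP the O20 value itself lives at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs, so the flagged DLL should be checked there (and its long-form path resolved) before anything is removed; the script only ranks lines, it does not decide what is malicious.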

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 AM

Posted 15 September 2012 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.

#3 MrMark52

MrMark52
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:00 AM

Posted 18 September 2012 - 04:35 PM

Thanks nasdaq!

Sorry for my delay in getting back to you - work prevails! Logs to follow (note two logs for AdwCleaner below. 1st was after delete and before reboot, 2nd was after reboot) - And, I already see I need to update Adobe 9.

Thanks again for your help!

ComboFix log -

ComboFix 12-09-18.06 - Markie 09/18/2012 15:52:29.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2132 [GMT -5:00]
Running from: C:\Documents and Settings\Markie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\df7675d2ccffa7462a8c1a55f52bc9b73aa0a38c
C:\Documents and Settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
C:\Documents and Settings\Markie\Application Data\df7675d2ccffa7462a8c1a55f52bc9b73aa0a38c
C:\Documents and Settings\Markie\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
C:\Documents and Settings\Markie\Application Data\SpareLib.dll
C:\Documents and Settings\Markie\Recent\Thumbs.db
C:\Program Files\Mozilla Firefox\searchplugins\search.xml
C:\Thumbs.db
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\272512937d9e61a4.fb
C:\WINDOWS\system32\Cache\2859468369da70e7.fb
C:\WINDOWS\system32\Cache\287204568329e189.fb
C:\WINDOWS\system32\Cache\28bc8f716fd76a47.fb
C:\WINDOWS\system32\Cache\2c53092c95605355.fb
C:\WINDOWS\system32\Cache\31a0997e9a5b5eb3.fb
C:\WINDOWS\system32\Cache\32c84fe32bb74d60.fb
C:\WINDOWS\system32\Cache\3917078cb68ec657.fb
C:\WINDOWS\system32\Cache\590ba23ce359fd0c.fb
C:\WINDOWS\system32\Cache\610289e025a3ee9a.fb
C:\WINDOWS\system32\Cache\651c5d3cdbfb8bd1.fb
C:\WINDOWS\system32\Cache\6c59ac5e7e7a3ad0.fb
C:\WINDOWS\system32\Cache\6d03dad1035885d3.fb
C:\WINDOWS\system32\Cache\a8556537add6dfc5.fb
C:\WINDOWS\system32\Cache\ad10a52aff5e038d.fb
C:\WINDOWS\system32\Cache\c1fa887b03019701.fb
C:\WINDOWS\system32\Cache\c4d28dca2e7648be.fb
C:\WINDOWS\system32\Cache\d201ef9910cd39de.fb
C:\WINDOWS\system32\Cache\d2e94710a5708128.fb
C:\WINDOWS\system32\Cache\d79b9dfe81484ec4.fb
C:\WINDOWS\system32\Cache\f998975c9cc711ee.fb
C:\WINDOWS\system32\test
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\system32\URTTemp
C:\WINDOWS\system32\URTTemp\fusion.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll
C:\WINDOWS\system32\URTTemp\mscoree.dll.local
C:\WINDOWS\system32\URTTemp\mscorsn.dll
C:\WINDOWS\system32\URTTemp\mscorwks.dll
C:\WINDOWS\system32\URTTemp\msvcr71.dll
C:\WINDOWS\system32\URTTemp\regtlib.exe

Infected copy of C:\WINDOWS\system32\userinit.exe was found and disinfected
Restored copy from - C:\WINDOWS\ERDNT\cache\userinit.exe


((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))


2012-09-18 18:17:07 . 2012-09-18 18:17:07 -------- d-----w- C:\Program Files\iPod
2012-09-18 18:17:03 . 2012-09-18 18:18:28 -------- d-----w- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-13 14:19:58 . 2012-09-13 14:19:58 -------- d-----w- C:\WINDOWS\system32\Dell
2012-09-12 21:13:53 . 2007-05-10 15:22:32 405504 ----a-w- C:\WINDOWS\stsystra.exe
2012-09-12 21:13:53 . 2007-04-10 22:02:00 1601536 ----a-w- C:\WINDOWS\system32\stlang.dll
2012-09-12 21:13:52 . 2007-05-10 15:23:10 4952064 ----a-w- C:\WINDOWS\system32\stacgui.cpl
2012-09-12 21:13:34 . 2007-05-10 15:23:02 270336 ----a-w- C:\WINDOWS\system32\stacapi.dll
2012-09-05 21:47:48 . 2012-09-12 20:17:53 73416 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-09-05 21:47:48 . 2012-09-12 20:17:53 696520 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-09-05 21:44:35 . 2012-09-05 21:44:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Browser Manager
2012-09-05 21:44:21 . 2012-09-05 21:44:21 -------- d-----w- C:\Documents and Settings\Markie\Application Data\Babylon
2012-09-05 21:44:21 . 2012-09-05 21:44:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Babylon
2012-09-04 13:23:40 . 2012-09-04 13:23:40 -------- d-----w- C:\Program Files\Common Files\Java
2012-09-04 13:21:39 . 2012-09-04 13:21:10 143872 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2012-09-04 13:21:30 . 2012-09-04 13:21:14 93672 ----a-w- C:\WINDOWS\system32\WindowsAccessBridge.dll
2012-08-30 13:16:02 . 2012-09-10 13:04:25 73696 ----a-w- C:\Program Files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 18:00:45 . 2012-08-28 18:00:45 -------- d-----w- C:\Program Files\NirSoft
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-07 22:04:46 . 2010-08-28 20:32:21 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-09-04 13:21:10 . 2012-06-06 18:05:35 821736 ----a-w- C:\WINDOWS\system32\npdeployJava1.dll
2012-09-04 13:21:09 . 2010-05-27 21:16:52 746984 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2012-08-21 18:01:22 . 2010-06-20 22:18:55 26840 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01:22 . 2010-06-20 22:18:55 106928 ----a-w- C:\WINDOWS\system32\GEARAspi.dll
2012-08-21 09:13:15 . 2012-03-09 16:40:27 355632 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2012-08-21 09:13:15 . 2012-03-09 16:40:19 54232 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-08-21 09:13:15 . 2012-03-09 16:40:18 729752 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 . 2012-03-09 16:40:21 35928 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-08-21 09:13:14 . 2012-03-09 16:40:17 97608 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-08-21 09:13:14 . 2012-03-09 16:40:17 89624 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2012-08-21 09:13:13 . 2012-03-09 16:40:27 21256 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-08-21 09:13:13 . 2012-03-09 16:40:16 25256 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-08-21 09:12:33 . 2012-02-05 21:09:46 41224 ----a-w- C:\WINDOWS\avastSS.scr
2012-08-21 09:12:23 . 2012-03-09 16:37:34 227648 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2012-07-06 13:58:51 . 2008-04-14 12:00:00 78336 ----a-w- C:\WINDOWS\system32\browser.dll
2012-07-04 14:05:18 . 2009-03-13 20:16:54 139784 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 . 2008-04-14 12:00:00 1866112 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-07-02 17:49:33 . 2008-04-14 12:00:00 916992 ----a-w- C:\WINDOWS\system32\wininet.dll
2012-07-02 17:49:32 . 2008-04-14 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2012-07-02 17:49:32 . 2008-04-14 12:00:00 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2012-07-02 15:28:58 . 2012-07-02 15:28:32 89088 ----a-w- C:\WINDOWS\4thstub.exe
2012-07-02 12:05:43 . 2008-04-14 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2012-09-10 13:04:25 . 2012-02-01 22:39:01 266720 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
2007-02-21 18:47:16 31232 --sha-r- C:\WINDOWS\system32\msfDX.dll
2008-03-16 20:30:52 216064 --sha-r- C:\WINDOWS\system32\nbDX.dll
2010-01-07 05:00:00 107520 --sha-r- C:\WINDOWS\system32\TAKDSDecoder.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12:09 121528 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 19:39:52 1289000]
"cdloader"="C:\Documents and Settings\Markie\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 17:36:28 50592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2010-10-29 15:14:44 2498560]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 19:13:38 176128]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 10:42:42 110592]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 06:52:06 59240]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 02:32:54 59280]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 13:46:30 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 18:18:06 77824]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-08-21 09:12:26 4282728]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2007-07-20 21:55:46 1228800]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 21:04:44 374368]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-31 01:00:02 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-31 01:00:16 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-31 00:59:36 138008]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-04-19 01:56:22 421888]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 14:04:54 252848]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 15:22:32 405504]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-09-10 04:30:34 421776]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2012-5-24 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 04:41:34 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Brother\\Brmfl06b\\FAXRX.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\gpsim\\bin\\gpsim.exe"=
"C:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Brother\\BRAdmin Professional 3\\discover.exe"=
"C:\\Program Files\\Brother\\BRAdmin Professional 3\\AuditorServer.exe"=
"C:\\Program Files\\Brother\\BRAdmin Professional 3\\bradminv3.exe"=
"C:\\Program Files\\Brother\\Web BRAdmin\\cgi-bin\\discover.exe"=
"C:\\Program Files\\Brother\\Web BRAdmin\\cgi-bin\\AuditorServer.exe"=
"C:\\Program Files\\Brother\\Web BRAdmin\\cgi-bin\\wba.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Hobbyist Software\\VLC Streamer\\VLC Streamer Configuration.exe"=
"C:\\Program Files\\Hobbyist Software\\VLC Streamer\\mdnsresponder.exe"=
"C:\\Program Files\\myiHome\\app\\myiHome-server.exe"=
"C:\\Documents and Settings\\Markie\\Application Data\\mjusbsp\\magicJack.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [3/9/2012 11:40:18 AM 729752]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [3/9/2012 11:40:27 AM 355632]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\Downloads\Microsoft\Virtual CD\VCdRom.sys [12/19/2001 11:45:00 AM 8576]
R2 ASFIPmon;Broadcom ASF IP Monitor;C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 6:11:08 PM 61440]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [3/9/2012 11:40:27 AM 21256]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [1/11/2012 4:25:03 PM 65536]
R2 Browser Manager;Browser Manager;C:\Documents and Settings\All Users\Application Data\Browser Manager\2.2.630.40\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [9/5/2012 4:44:35 PM 1701912]
R2 WBA_Agent_Client_Service;Brother BRAgent Service;C:\Program Files\Brother\Web BRAdmin\cgi-bin\wbaagent.exe [1/20/2012 7:52:39 PM 81920]
R2 WBA_Agent_Receiver;BRAgent Receiver;C:\Program Files\Brother\Web BRAdmin\cgi-bin\agentrcv.exe [1/20/2012 7:52:23 PM 81920]
R2 WBA_Scheduler;Brother Web BRAdmin Scheduler;C:\Program Files\Brother\Web BRAdmin\cgi-bin\wbatimer.exe [1/20/2012 7:52:41 PM 69632]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [1/26/2011 3:32:50 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9/5/2012 4:47:50 PM 250568]
S3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;C:\WINDOWS\system32\drivers\cmudaxv.sys --> C:\WINDOWS\system32\drivers\cmudaxv.sys [?]
S3 cpudrv;cpudrv;C:\Program Files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08:34 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [1/26/2011 3:32:50 AM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys --> C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 1:26:15 PM 114144]
S3 oneuport;MosChip 7703-USB2Serial Port;C:\WINDOWS\system32\drivers\oneuport.sys [1/17/2005 5:05:34 PM 851840]
S3 RT-USB;Ross-Tech USB driver;C:\WINDOWS\system32\drivers\RT-USB.SYS [9/1/2009 6:53:32 PM 59464]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32:02 7680 ----a-w- C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

Contents of the 'Scheduled Tasks' folder

2012-09-18 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 21:47:50 . 2012-09-12 20:17:53]

2012-09-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50:20 . 2011-06-01 22:57:16]

2012-09-18 C:\WINDOWS\Tasks\avast! Emergency Update.job
- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 13:49:28 . 2012-08-21 09:12:25]

2012-09-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-26 08:32:50 . 2011-01-26 08:32:44]

2012-09-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-26 08:32:50 . 2011-01-26 08:32:44]


------- Supplementary Scan -------

uStart Page = hxxp://isearch.avg.com/?cid={ECB7E740-FD93-4C35-A716-FC47851D656D}&mid=c26bf0145c0b47d1b825d15c83bc0c6b-2118f12f2cd8d20e354481a8515c4ca848e4f35e&lang=en&ds=pp012&pr=sa&d=2012-06-18 13:12:54&v=11.1.0.7&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.200.100
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} - hxxp://www.sayatv.com/download/SayaTV.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\h2nx079b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B2529003e-9e74-4cfd-a1c5-d9bea59fc9cc%7D&mid=c26bf0145c0b47d1b825d15c83bc0c6b-2118f12f2cd8d20e354481a8515c4ca848e4f35e&ds=pp012&v=11.1.0.7&lang=en&pr=sa&d=2012-06-18%2012%3A57%3A06&sap=ku&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

- - - - ORPHANS REMOVED - - - -

AddRemove-MediaInfo - C:\Downloads\Popcorn Hour\YAMJ\MediaInfo\uninst.exe


SecurityCheck log -

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
BillP Studios WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````


AdwCleaner 1st log -

# AdwCleaner v2.002 - Logfile created 09/18/2012 at 16:17:11
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Markie - MARKDELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Markie\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\h2nx079b.default\searchplugins\Conduit.xml
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : C:\Documents and Settings\All Users\Application Data\Browser Manager
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\Markie\Application Data\Babylon
Folder Found : C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\h2nx079b.default\Conduit
Folder Found : C:\Documents and Settings\Markie\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Markie\Start Menu\Programs\Browser Manager
Folder Found : C:\Program Files\OApps

***** [Registry] *****

Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\eRightSoft\OpenCandy
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={ECB7E740-FD93-4C35-A716-FC47851D656D}&mid=c26bf0145c0b47d1b825d15c83bc0c6b-2118f12f2cd8d20e354481a8515c4ca848e4f35e&lang=en&ds=pp012&pr=sa&d=2012-06-18 13:12:54&v=11.1.0.7&sap=hp

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\h2nx079b.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.order.1", "Blekko");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B2529003e-9e74-4cfd-a1c5-d9bea59fc9cc%[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Markie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.1] : icon_url = [...]

*************************

AdwCleaner[R1].txt - [15517 octets] - [18/09/2012 16:17:11]

########## EOF - C:\AdwCleaner[R1].txt - [15578 octets] ##########



2nd AdwCleaner file -

# AdwCleaner v2.002 - Logfile created 09/18/2012 at 16:18:30
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Markie - MARKDELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Markie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\Browser Manager
File Deleted : C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\h2nx079b.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\Markie\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\h2nx079b.default\Conduit
Folder Deleted : C:\Documents and Settings\Markie\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Markie\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Program Files\OApps

***** [Registry] *****

Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\eRightSoft\OpenCandy
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={ECB7E740-FD93-4C35-A716-FC47851D656D}&mid=c26bf0145c0b47d1b825d15c83bc0c6b-2118f12f2cd8d20e354481a8515c4ca848e4f35e&lang=en&ds=pp012&pr=sa&d=2012-06-18 13:12:54&v=11.1.0.7&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\h2nx079b.default\prefs.js

C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\h2nx079b.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Blekko");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B2529003e-9e74-4cfd-a1c5-d9bea59fc9cc%[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Markie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url = [...]

*************************

AdwCleaner[R1].txt - [15648 octets] - [18/09/2012 16:17:11]
AdwCleaner[S1].txt - [15680 octets] - [18/09/2012 16:18:30]

########## EOF - C:\AdwCleaner[S1].txt - [15741 octets] ##########

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 AM

Posted 19 September 2012 - 09:14 AM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
Browser Manager


Save this as CFScript.txt on your desktop.

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

#5 MrMark52

MrMark52
  • Topic Starter

  • Members
  • 97 posts
  • Gender:Male
  • Local time:07:00 AM

Posted 19 September 2012 - 09:50 AM

nasdaq,

I moved the .txt file to ComboFix, ran ComboFix, and it said there was a newer version of ComboFix available, and did I want to download. I told it yes. Not sure if the .txt file was then included with the update.

Results from letting the scan complete are posted below. I can run another scan after dragging the .txt file into the updated version if I need to.

Machine is behaving much more solid, but I have not been using Windows Explorer much since we got started.



ComboFix 12-09-18.07 - Markie 09/19/2012 9:20.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2428 [GMT -5:00]
Running from: c:\documents and settings\Markie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Markie\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\df7675d2ccffa7462a8c1a55f52bc9b73aa0a38c
c:\documents and settings\All Users\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
c:\documents and settings\Markie\Application Data\df7675d2ccffa7462a8c1a55f52bc9b73aa0a38c
c:\documents and settings\Markie\Application Data\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
c:\documents and settings\Markie\Application Data\SpareLib.dll
c:\documents and settings\Markie\Recent\Thumbs.db
c:\program files\Mozilla Firefox\searchplugins\search.xml
C:\Thumbs.db
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\2859468369da70e7.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
--------
.
Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
Restored copy from - c:\system volume information\_restore{7511EEF7-8FC5-4167-BD6E-19BDC8CD199D}\RP180\A0034670.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-19 14:34 . 2012-09-19 14:34 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-09-19 14:34 . 2012-09-19 14:34 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-09-19 14:34 . 2012-09-19 14:34 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-09-19 14:34 . 2012-09-19 14:34 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-09-19 14:34 . 2012-09-19 14:34 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-09-19 14:34 . 2012-09-19 14:34 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-09-19 14:34 . 2012-09-19 14:34 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-09-19 14:34 . 2012-09-19 14:34 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-09-19 14:34 . 2012-09-19 14:34 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-09-19 14:33 . 2012-09-19 14:33 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-09-19 14:33 . 2012-09-19 14:33 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-09-19 14:33 . 2012-09-19 14:33 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-09-19 14:33 . 2012-09-19 14:33 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-09-19 14:33 . 2012-09-19 14:33 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-09-19 14:33 . 2012-09-19 14:33 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-09-19 14:33 . 2012-09-19 14:33 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-09-19 14:33 . 2012-09-19 14:33 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-09-18 18:17 . 2012-09-18 18:17 -------- d-----w- c:\program files\iPod
2012-09-18 18:17 . 2012-09-18 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-13 14:19 . 2012-09-13 14:19 -------- d-----w- c:\windows\system32\Dell
2012-09-12 21:13 . 2007-05-10 15:22 405504 ----a-w- c:\windows\stsystra.exe
2012-09-12 21:13 . 2007-04-10 22:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2012-09-12 21:13 . 2007-05-10 15:23 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2012-09-12 21:13 . 2007-05-10 15:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2012-09-05 21:47 . 2012-09-18 21:40 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 21:47 . 2012-09-18 21:40 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-04 13:23 . 2012-09-04 13:23 -------- d-----w- c:\program files\Common Files\Java
2012-09-04 13:21 . 2012-09-04 13:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-04 13:21 . 2012-09-04 13:21 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-30 13:16 . 2012-09-10 13:04 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 18:00 . 2012-08-28 18:00 -------- d-----w- c:\program files\NirSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 22:04 . 2010-08-28 20:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 13:21 . 2012-06-06 18:05 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-04 13:21 . 2010-05-27 21:16 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 18:01 . 2010-06-20 22:18 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2010-06-20 22:18 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 09:13 . 2012-03-09 16:40 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-03-09 16:40 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-03-09 16:40 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-03-09 16:40 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-03-09 16:40 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-03-09 16:40 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-03-09 16:40 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-03-09 16:40 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-02-05 21:09 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-03-09 16:37 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-03-13 20:16 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 15:28 . 2012-07-02 15:28 89088 ----a-w- c:\windows\4thstub.exe
2012-07-02 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-09-10 13:04 . 2012-02-01 22:39 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-02-21 18:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 05:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-18_21.06.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-18 21:20 . 2012-09-18 21:20 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2012-09-19 14:33 . 2012-09-19 14:33 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
+ 2012-09-19 14:33 . 2012-09-19 14:33 16384 c:\windows\Temp\Perflib_Perfdata_264.dat
+ 2012-09-19 14:33 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-09-18 21:05 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-09-18 21:40 . 2012-09-18 21:40 690096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe
+ 2012-09-05 21:47 . 2012-09-18 21:40 250288 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-01-21 00:32 . 2012-09-19 14:33 222681 c:\windows\system32\inetsrv\MetaBase.bin
+ 2012-09-18 21:40 . 2012-09-18 21:40 9813424 c:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"cdloader"="c:\documents and settings\Markie\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-10-29 2498560]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-07-20 1228800]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-5-24 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Brother\\Brmfl06b\\FAXRX.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\gpsim\\bin\\gpsim.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\discover.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\AuditorServer.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\bradminv3.exe"=
"c:\\Program Files\\Brother\\Web BRAdmin\\cgi-bin\\discover.exe"=
"c:\\Program Files\\Brother\\Web BRAdmin\\cgi-bin\\AuditorServer.exe"=
"c:\\Program Files\\Brother\\Web BRAdmin\\cgi-bin\\wba.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Hobbyist Software\\VLC Streamer\\VLC Streamer Configuration.exe"=
"c:\\Program Files\\Hobbyist Software\\VLC Streamer\\mdnsresponder.exe"=
"c:\\Program Files\\myiHome\\app\\myiHome-server.exe"=
"c:\\Documents and Settings\\Markie\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/9/2012 11:40 AM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/9/2012 11:40 AM 355632]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\downloads\Microsoft\Virtual CD\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 6:11 PM 61440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/9/2012 11:40 AM 21256]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [1/11/2012 4:25 PM 65536]
R2 WBA_Agent_Client_Service;Brother BRAgent Service;c:\program files\Brother\Web BRAdmin\cgi-bin\wbaagent.exe [1/20/2012 7:52 PM 81920]
R2 WBA_Agent_Receiver;BRAgent Receiver;c:\program files\Brother\Web BRAdmin\cgi-bin\agentrcv.exe [1/20/2012 7:52 PM 81920]
R2 WBA_Scheduler;Brother Web BRAdmin Scheduler;c:\program files\Brother\Web BRAdmin\cgi-bin\wbatimer.exe [1/20/2012 7:52 PM 69632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2011 3:32 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9/5/2012 4:47 PM 250288]
S3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;c:\windows\system32\drivers\cmudaxv.sys --> c:\windows\system32\drivers\cmudaxv.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2011 3:32 AM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 1:26 PM 114144]
S3 oneuport;MosChip 7703-USB2Serial Port;c:\windows\system32\drivers\oneuport.sys [1/17/2005 5:05 PM 851840]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [9/1/2009 6:53 PM 59464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 21:40]
.
2012-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-09-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 09:12]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 08:32]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 08:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.200.100
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} - hxxp://www.sayatv.com/download/SayaTV.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\documents and settings\Markie\Application Data\Mozilla\Firefox\Profiles\h2nx079b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-vfd-cb - c:\program files\OApps\vfd-cb_uninstall.exe
AddRemove-{302A1E2E-DD58-4673-BC99-9CC10EC2637A} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~2\{302A1~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-19 09:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(6884)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\fxssvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-09-19 09:42:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-19 14:42
ComboFix2.txt 2012-03-19 15:04
ComboFix3.txt 2012-02-02 21:46
.
Pre-Run: 171,493,134,336 bytes free
Post-Run: 171,557,232,640 bytes free
.
- - End Of File - - 20E6C93CC60C56DCC512E87200F69A82

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 AM

Posted 19 September 2012 - 10:06 AM

Looking good.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#7 MrMark52

MrMark52
  • Topic Starter

  • Members
  • 97 posts
  • Gender:Male
  • Local time:07:00 AM

Posted 19 September 2012 - 10:17 AM

Thanks again nasdaq! Looks like all is good! I will report back on this thread after using Windows Explorer to see if it hangs and shuts down.

Appreciate it much, again!
