Lorrea Hall

Members
  • Content Count

    21
About Lorrea Hall

  • Rank
    Member
  1. Yes, this computer is essential to my work and I just need to get back to business, so I think I just need to cut my losses, back up as much as I can and start fresh! It will probably be good for my computer to get a fresh start with nothing on it. I know I still need to make sure that my external hard drive is clean as well; hopefully none of this has passed over to that. I am hoping that since I only back up documents, photos and videos that nothing too malicious is hiding out over there. Lorrea
  2. O.k. another update! I was able to find the most important product codes. So please let me know what to do next. Thank you again for your time on this, I know I've been around for quite a while. Lorrea
  3. Alright, I took some time this morning to see what I could do about my missing software because I am beginning to think that a clean sweep of this computer is what I really need to do. I did find the software but the keycode is missing. I was searching online and there was some indication that there may be some sort of Keycode finder that I could use to pull off keycodes that are on my computer. I am wondering if you know of any safe ones to use for this. I will start working on making sure there are no additional files I need to back up on my computer. I did a recent back-up so most should already be taken care of. Thanks Lorrea
  4. O.k. so I ran Kaspersky once and it stopped 10 hours later for some reason. So I ran it again and 20 hours later it finished, showing 2 infections. I saved the log on my computer...then I proceeded to open it to send it to you and that's when it got hairy. My computer locked up, I shut down, restarted and tried again...still locked up so again shut down, restarted....Repeated another 2 times then just shut down for the night. I started up this morning and went to my documents to try to open the log again and got an error saying that my documents are not accessible. I am trying to stay calm :-). Please help!!!
  5. Alright apparently my pc is trying to tell me something...my husband got home and so I tried to show him what it was doing and instead it uninstalled the program with no problems at all. Both programs are now gone...moving on to step 2....
  6. Another potential problem I spotted today...it's something called "Text Enhance". I checked my plug-ins on my browser but couldn't find the source of this. I have seen this before on blogs and thought it was somehow connected to the blog, but today I was on my son's school platform and I saw an oddly highlighted text; when I scrolled over it, it popped up with this advertisement. It didn't make sense that the school approved of this so I did a search and it seems that these "links" may actually be originating from my machine rather than the other way around. I don't want to sidetrack us but if this is all somehow related I thought it pertinent to let you know of this finding.
  7. Sorry for a late reply, long day at work today!! I had Norton on my computer before; my brother tried uninstalling it over Christmas but was unable to get it off. For some reason it messed up the registry or something and wouldn't boot back up, then when it did it wasn't gone. I just went ahead and installed the McAfee anyway...so that's the story behind that one. I would be happy to take it off but when he tried my computer totally died for 2 days so I have been reluctant to try again :-). On that topic there is another program on my machine that is refusing to go away as well, hopefully not the cause of all this mess, but it's called Sub Sidekick...I would love to get it off as it is quite annoying. I was trying them for a while for work but in the end found it too cumbersome and not really helpful so I never upgraded to the paid subscription. Thanks for your help!
  8. OTL logfile created on: 1/13/2012 7:05:19 AM - Run 1 OTL by OldTimer - Version 3.2.31.0
O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000011 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000012 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000013 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000014 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000015 - C:WindowsSysNativeicf.dll (InternetSafety.com, Inc.) O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9Catalog_Entries000000000001 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.) O10 - Protocol_Catalog9Catalog_Entries000000000002 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.) O10 - Protocol_Catalog9Catalog_Entries000000000003 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.) O10 - Protocol_Catalog9Catalog_Entries000000000004 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.) O10 - Protocol_Catalog9Catalog_Entries000000000015 - C:WindowsSysWow64icf.dll (InternetSafety.com, Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{0CA4EE89-1E16-4135-80DE-B7E4553CD477}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{4C49B35F-E7AF-40C8-9C33-4080F3F93CAB}: DhcpNameServer = 172.16.68.215 172.16.68.215 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{E658EB1E-040B-44C5-B679-4F23FC048BB0}: DhcpNameServer = 172.16.64.215 172.16.64.215 O18:64bit: - ProtocolHandlergrooveLocalGWS - No CLSID value found O18:64bit: - ProtocolHandlerlivecall - No CLSID value found O18:64bit: - ProtocolHandlerms-help - No CLSID value found O18:64bit: - ProtocolHandlerms-itss - No CLSID value found O18:64bit: - ProtocolHandlermsnim - No CLSID value found O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found O18:64bit: - ProtocolHandlerwlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe 
(Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) -C:WindowsSysWOW64userinit.exe (Microsoft Corporation) O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:WindowsWebWallpaperimg24.jpg O24 - Desktop BackupWallPaper: C:WindowsWebWallpaperimg24.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM..comfile [open] -- "%1" %* O35:64bit: - HKLM..exefile [open] -- "%1" %* O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/11 18:19:06 | 000,064,600 | ---- | C] (Sunbelt Software) -- C:WindowsSysNativedriverssbapifs.sys [2012/01/11 14:26:58 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN [2012/01/11 12:55:18 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativenpdeployJava1.dll [2012/01/11 12:55:18 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativedeployJava1.dll [2012/01/11 12:55:18 | 000,263,560 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativejavaws.exe [2012/01/11 12:55:18 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativejavaw.exe [2012/01/11 12:55:18 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:WindowsSysNativejava.exe [2012/01/11 12:54:55 | 000,000,000 | ---D | C] -- C:Program FilesJava [2012/01/11 12:45:27 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsFoxit Reader 5.1 [2012/01/11 12:45:08 | 000,000,000 | ---D | C] -- 
C:Program Files (x86)Ask.com [2012/01/11 12:44:56 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalAPN [2012/01/11 12:44:44 | 000,000,000 | ---D | C] -- C:Program Files (x86)Foxit Software [2012/01/11 12:41:01 | 000,000,000 | -HSD | C] -- C:Config.Msi [2012/01/11 09:32:17 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativelsasrv.dll [2012/01/11 09:32:17 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesecur32.dll [2012/01/11 04:07:54 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativequartz.dll [2012/01/11 04:07:54 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64quartz.dll [2012/01/11 04:07:53 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64qdvd.dll [2012/01/11 04:07:53 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeqdvd.dll [2012/01/11 04:07:51 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentdll.dll [2012/01/11 04:07:50 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewinmm.dll [2012/01/11 04:07:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemcicda.dll [2012/01/11 04:07:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemciwave.dll [2012/01/11 04:07:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemciseq.dll [2012/01/11 04:07:50 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mciseq.dll [2012/01/11 04:07:47 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewinsrv.dll [2012/01/11 04:07:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativepackager.dll [2012/01/11 04:07:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64packager.dll [2012/01/10 09:03:01 | 000,000,000 | ---D | C] -- C:Program Files (x86)ESET [2012/01/09 13:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe [2012/01/09 13:44:27 | 000,406,528 | ---- | 
C] (SteelWerX) -- C:WindowsSWSC.exe [2012/01/09 13:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe [2012/01/09 13:44:20 | 000,000,000 | ---D | C] -- C:WindowsERDNT [2012/01/09 13:44:16 | 000,000,000 | ---D | C] -- C:Qoobox [2012/01/09 08:21:19 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro [2012/01/09 08:21:19 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis [2012/01/08 22:09:11 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingSUPERAntiSpyware.com [2012/01/08 22:08:58 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSUPERAntiSpyware [2012/01/08 22:08:53 | 000,000,000 | ---D | C] -- C:ProgramDataSUPERAntiSpyware.com [2012/01/08 22:08:53 | 000,000,000 | ---D | C] -- C:Program FilesSUPERAntiSpyware [2012/01/06 13:56:28 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalCrashDumps [2012/01/05 19:14:45 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes [2012/01/05 19:01:23 | 000,000,000 | ---D | C] -- C:ProgramDataSpybot - Search & Destroy [2012/01/05 19:01:23 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy [2012/01/05 18:58:15 | 000,000,000 | ---D | C] -- C:Program FilesiPod [2012/01/05 18:54:51 | 000,000,000 | ---D | C] -- C:Program FilesiTunes [2012/01/05 05:47:30 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalNPE [2012/01/04 18:51:20 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMcAfee Security Scan Plus [2012/01/04 17:39:08 | 000,041,160 | ---- | C] (McAfee, Inc.) 
-- C:WindowsSysNativedriversmferkdk.sys [2012/01/03 20:21:45 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingOpera [2012/01/03 20:21:44 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalOpera [2012/01/03 20:14:53 | 000,000,000 | ---D | C] -- C:Program Files (x86)Opera [2012/01/03 17:56:43 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalSecunia PSI [2012/01/03 17:55:39 | 000,000,000 | ---D | C] -- C:Program Files (x86)Secunia [2012/01/01 23:33:37 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingRealNetworks [2012/01/01 09:59:29 | 000,000,000 | ---D | C] -- C:Program FilesiPod(172) [2011/12/29 13:43:26 | 000,000,000 | ---D | C] -- C:Program FilesMcAfee.com [2011/12/29 13:42:03 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfeclnk.sys [2011/12/29 13:41:26 | 000,161,168 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativemfevtps.exe [2011/12/29 13:41:21 | 000,647,080 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfehidk.sys [2011/12/29 13:41:21 | 000,481,768 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfefirek.sys [2011/12/29 13:41:21 | 000,284,648 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfewfpk.sys [2011/12/29 13:41:21 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfeavfk.sys [2011/12/29 13:41:21 | 000,160,280 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmfeapfk.sys [2011/12/29 13:41:21 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:WindowsSysNativedriversmferkdet.sys [2011/12/29 08:10:01 | 000,049,608 | ---- | C] (McAfee, Inc.) 
-- C:WindowsSysNativedriversmfesmfk.sys [2011/12/29 07:28:26 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataRoamingMcAfee [2011/12/29 07:26:23 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMcAfee [2011/12/29 07:23:53 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesMcAfee [2011/12/29 07:23:49 | 000,000,000 | ---D | C] -- C:Program FilesMcAfee [2011/12/29 07:23:48 | 000,000,000 | ---D | C] -- C:Program Files (x86)McAfee.com [2011/12/29 07:23:48 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesMcAfee [2011/12/29 07:23:45 | 000,000,000 | ---D | C] -- C:Program Files (x86)McAfee [2011/12/26 22:21:35 | 000,000,000 | ---D | C] -- C:Program FilesDIFX [2011/12/25 15:53:29 | 000,000,000 | ---D | C] -- C:ProgramDataPCPitstopDat [2011/12/25 15:19:40 | 000,000,000 | ---D | C] -- C:ProgramDataPCPitstop [2011/12/25 15:19:40 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsPC Pitstop [2011/12/25 15:19:38 | 000,000,000 | ---D | C] -- C:Program Files (x86)PCPitstop [2011/12/24 19:15:29 | 000,000,000 | ---D | C] -- C:UserslorreaAppDataLocalSymantec [2011/12/24 19:15:22 | 000,225,328 | ---- | C] (Symantec Corporation) -- C:WindowsSysNativedriverswpshelper.sys [2011/12/24 19:13:01 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:WindowsSysNativedriversSYMEVENT64x86.SYS [2011/12/24 19:11:52 | 000,000,000 | ---D | C] -- C:Program FilesSymantec [2011/12/24 19:11:18 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64capicom.dll [2011/12/24 19:11:08 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesSymantec Shared [2011/12/24 19:11:07 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSymantec Endpoint Protection [2011/12/24 19:11:07 | 000,000,000 | ---D | C] -- C:Program Files (x86)Symantec [2011/12/24 18:58:35 | 000,000,000 | ---D | C] -- C:UserslorreaDocumentsJason's [2011/12/21 14:34:59 | 000,000,000 | ---D | C] -- 
C:UserslorreaAppDataRoamingcom.blueprintcentral.keywordblaze [2011/12/21 14:34:51 | 000,000,000 | ---D | C] -- C:Program Files (x86)KeywordBlaze [2011/12/15 14:00:53 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll [2011/12/15 14:00:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll [2011/12/15 14:00:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll [2011/12/15 14:00:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll [2011/12/15 14:00:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll [2011/12/15 14:00:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll [2011/12/15 14:00:47 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl [2011/12/15 14:00:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl [2011/12/15 14:00:46 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll [2011/12/15 14:00:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll [2011/12/15 14:00:44 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll [2011/12/14 15:48:33 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecsrsrv.dll [2011/12/14 15:47:48 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeEncDec.dll [2011/12/14 15:47:48 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64EncDec.dll ========== Files - Modified Within 30 Days ========== [2012/01/13 07:18:59 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job [2012/01/13 06:57:29 | 000,000,788 | ---- | M] () -- C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupJobulator.lnk [2012/01/13 06:55:58 | 000,000,290 | ---- | M] () -- C:ProgramDatahpqp.ini [2012/01/13 06:55:36 | 000,000,894 | ---- | M] () -- 
C:WindowstasksGoogleUpdateTaskMachineCore.job [2012/01/13 06:53:56 | 000,000,374 | ---- | M] () -- C:WindowsSysNativedriversetchosts.ics [2012/01/13 06:53:40 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/13 06:53:39 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/13 06:53:30 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat [2012/01/11 12:54:58 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativenpdeployJava1.dll [2012/01/11 12:54:58 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativedeployJava1.dll [2012/01/11 12:54:58 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativejavaws.exe [2012/01/11 12:54:58 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativejavaw.exe [2012/01/11 12:54:58 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativejava.exe [2012/01/11 12:45:28 | 000,000,945 | ---- | M] () -- C:UserslorreaApplication DataMicrosoftInternet ExplorerQuick LaunchFoxit Reader 5.1.lnk [2012/01/11 09:39:31 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts [2012/01/11 09:11:36 | 000,001,038 | ---- | M] () -- C:UserslorreaDesktopComboFix - Shortcut (2).lnk [2012/01/10 08:47:29 | 000,000,908 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/01/10 07:18:39 | 000,001,038 | ---- | M] () -- C:UserslorreaDesktopComboFix - Shortcut.lnk [2012/01/09 14:18:03 | 000,000,338 | ---- | M] () -- C:WindowstasksHPCeeScheduleForlorrea.job [2012/01/09 08:21:19 | 000,001,962 | ---- | M] () -- C:UserslorreaDesktopHiJackThis.lnk [2012/01/08 22:08:58 | 000,001,756 | ---- | M] () -- C:UsersPublicDesktopSUPERAntiSpyware Free Edition.lnk [2012/01/06 21:05:32 | 546,843,646 | ---- | M] () -- C:WindowsMEMORY.DMP [2012/01/06 20:57:56 | 000,000,680 | ---- | M] () -- 
C:UserslorreaAppDataLocald3d9caps.dat [2012/01/06 20:20:58 | 000,001,985 | ---- | M] () -- C:UsersPublicDesktopGoogle Chrome.lnk [2012/01/06 14:13:01 | 000,822,174 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI [2012/01/06 14:13:01 | 000,675,696 | ---- | M] () -- C:WindowsSysNativeperfh009.dat [2012/01/06 14:13:01 | 000,133,026 | ---- | M] () -- C:WindowsSysNativeperfc009.dat [2012/01/05 21:24:11 | 000,000,872 | ---- | M] () -- C:UserslorreaApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk [2012/01/05 21:24:11 | 000,000,848 | ---- | M] () -- C:UsersPublicDesktopMozilla Firefox.lnk [2012/01/05 19:14:45 | 000,001,654 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk [2012/01/05 06:14:06 | 000,001,395 | ---- | M] () -- C:WindowsSysNativedriversetchosts.bak [2012/01/04 18:51:20 | 000,001,961 | ---- | M] () -- C:UsersPublicDesktopMcAfee Security Scan Plus.lnk [2012/01/04 18:51:20 | 000,001,961 | ---- | M] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupMcAfee Security Scan Plus.lnk [2011/12/29 07:28:24 | 000,001,943 | ---- | M] () -- C:UsersPublicDesktopMcAfee Virtual Technician.lnk [2011/12/29 07:26:34 | 000,000,801 | ---- | M] () -- C:UsersPublicDesktopMcAfee Security Center.lnk [2011/12/25 15:54:49 | 000,024,576 | ---- | M] () -- C:bcd_backup [2011/12/25 12:19:56 | 000,173,568 | ---- | M] () -- C:UserslorreaAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/24 21:05:07 | 000,000,732 | ---- | M] () -- C:UserslorreaAppDataLocald3d9caps64.dat [2011/12/24 19:13:26 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:WindowsSysNativedriversSYMEVENT64x86.SYS [2011/12/24 19:13:26 | 000,007,440 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.CAT [2011/12/24 19:13:26 | 000,000,855 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.INF [2011/12/24 12:27:32 | 000,001,940 | ---- | M] () -- C:UserslorreaAppDataLocal{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/12/24 04:28:38 | 000,000,112 | ---- | M] () -- 
C:ProgramData1AiJ2Bh5.dat [2011/12/24 04:28:37 | 000,000,000 | ---- | M] () -- C:WindowsSysWow64CIpb8BXQD.com.b [2011/12/21 14:34:51 | 000,000,782 | ---- | M] () -- C:UsersPublicDesktopKeywordBlaze.lnk [2011/12/21 14:33:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl [2011/12/15 14:43:01 | 000,412,824 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/01/11 12:45:28 | 000,000,945 | ---- | C] () -- C:UserslorreaApplication DataMicrosoftInternet ExplorerQuick LaunchFoxit Reader 5.1.lnk [2012/01/11 09:11:36 | 000,001,038 | ---- | C] () -- C:UserslorreaDesktopComboFix - Shortcut (2).lnk [2012/01/10 08:47:29 | 000,000,908 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/01/10 07:18:39 | 000,001,038 | ---- | C] () -- C:UserslorreaDesktopComboFix - Shortcut.lnk [2012/01/09 13:44:27 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe [2012/01/09 13:44:27 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe [2012/01/09 13:44:27 | 000,098,816 | ---- | C] () -- C:Windowssed.exe [2012/01/09 13:44:27 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe [2012/01/09 13:44:27 | 000,068,096 | ---- | C] () -- C:Windowszip.exe [2012/01/09 08:21:19 | 000,001,962 | ---- | C] () -- C:UserslorreaDesktopHiJackThis.lnk [2012/01/08 22:08:58 | 000,001,756 | ---- | C] () -- C:UsersPublicDesktopSUPERAntiSpyware Free Edition.lnk [2012/01/05 19:14:45 | 000,001,654 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk [2011/12/29 07:28:24 | 000,001,943 | ---- | C] () -- C:UsersPublicDesktopMcAfee Virtual Technician.lnk [2011/12/29 07:28:05 | 000,001,953 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMcAfee Virtual Technician.lnk [2011/12/29 07:26:34 | 000,000,801 | ---- | C] () -- C:UsersPublicDesktopMcAfee Security Center.lnk [2011/12/25 15:54:48 | 000,024,576 | ---- | C] () -- C:bcd_backup [2011/12/25 15:09:37 | 000,002,002 | ---- | C] () -- 
C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupHP Digital Imaging Monitor.lnk [2011/12/25 15:09:37 | 000,001,961 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupMcAfee Security Scan Plus.lnk [2011/12/25 15:09:37 | 000,001,950 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupAudible Download Manager.lnk [2011/12/25 15:09:37 | 000,000,928 | ---- | C] () -- C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupYahoo! Widgets.lnk [2011/12/25 15:09:37 | 000,000,901 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupImageMixer 3 SE Camera Monitor Ver.6.lnk [2011/12/25 15:09:37 | 000,000,869 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupSub Sidekick.lnk [2011/12/25 15:09:37 | 000,000,788 | ---- | C] () -- C:UserslorreaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupJobulator.lnk [2011/12/24 21:05:07 | 000,000,732 | ---- | C] () -- C:UserslorreaAppDataLocald3d9caps64.dat [2011/12/24 19:13:01 | 000,007,440 | ---- | C] () -- C:WindowsSysNativedriversSYMEVENT64x86.CAT [2011/12/24 19:13:01 | 000,000,855 | ---- | C] () -- C:WindowsSysNativedriversSYMEVENT64x86.INF [2011/12/24 04:28:37 | 000,000,000 | ---- | C] () -- C:WindowsSysWow64CIpb8BXQD.com.b [2011/12/24 03:37:03 | 000,000,112 | ---- | C] () -- C:ProgramData1AiJ2Bh5.dat [2011/12/21 14:34:51 | 000,000,794 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsKeywordBlaze.lnk [2011/12/21 14:34:51 | 000,000,782 | ---- | C] () -- C:UsersPublicDesktopKeywordBlaze.lnk [2011/11/10 18:42:58 | 000,200,704 | ---- | C] () -- C:WindowsSysWow64UpdateDriver.exe [2011/11/10 18:42:58 | 000,005,116 | ---- | C] () -- C:WindowsSysWow64ucuiinfo.ini [2011/11/10 18:42:56 | 000,004,096 | ---- | C] () -- C:WindowsSysWow64driversRT2870.bin [2011/07/14 20:56:06 | 000,074,240 | ---- | C] () -- C:Windowstrackerpod_server.exe [2011/05/12 11:42:16 | 000,001,940 | ---- | C] () -- 
C:UserslorreaAppDataLocal{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/04/29 14:00:06 | 000,117,248 | ---- | C] () -- C:WindowsSysWow64EhStorAuthn.dll [2011/04/29 13:59:10 | 000,107,612 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchema.bin [2011/04/29 13:58:24 | 000,368,640 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll [2010/10/12 13:56:40 | 000,000,168 | ---- | C] () -- C:UserslorreaAppDataRoamingTAConf.conf [2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:WindowsSysWow64igkrng500.bin [2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:WindowsSysWow64igcompkrng500.bin [2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:WindowsSysWow64igfcg500m.bin [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:WindowsSysWow64iglhsip32.dll [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:WindowsSysWow64iglhcp32.dll [2010/04/11 18:04:06 | 000,000,126 | ---- | C] () -- C:WindowsQUICKEN.INI [2009/11/01 08:58:01 | 000,760,620 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI [2009/10/26 15:47:00 | 000,024,226 | ---- | C] () -- C:UserslorreaAppDataRoamingUserTile.png [2009/10/26 09:18:17 | 000,000,056 | -H-- | C] () -- C:ProgramDataezsidmv.dat [2009/10/15 10:15:45 | 000,130,833 | ---- | C] () -- C:Windowshpoins18.dat [2009/10/15 10:10:33 | 000,006,600 | ---- | C] () -- C:Windowshpomdl18.dat [2009/10/06 21:12:01 | 000,173,568 | ---- | C] () -- C:UserslorreaAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/03 06:48:42 | 000,000,680 | ---- | C] () -- C:UserslorreaAppDataLocald3d9caps.dat [2009/10/02 10:26:00 | 000,000,540 | ---- | C] () -- C:UserslorreaAppDataRoamingwklnhst.dat [2009/08/10 09:23:16 | 000,000,290 | ---- | C] () -- C:ProgramDatahpqp.ini [2009/04/20 16:31:40 | 000,018,904 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchemaTrivial.bin [2008/07/06 13:20:48 | 000,147,172 | ---- | C] () -- C:WindowsSysWow64igfcg550.bin [2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:WindowsSysWow64OpenQuicktimeLib.dll 
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:WindowsSysWow64tcpmon.ini [2006/11/02 08:37:05 | 000,067,584 |
  9. I ran a PC Pitstop scan last night and am concerned because it came up with the following log. The biggest concern is in the security section because that is the same virus name that kept popping up when this all started:

     Performance
       2 MB's of junk contained in 77 different files was removed.
       Internet settings were up to date. (no action taken)
       No Performance tweaks required. (no action taken)
       No craplets identified (no action taken)
       No unoptimized services identified (no action taken)
       C Drive Total Fragmentation went from 25.68% to 25.66%.
       Data Fragmentation went from 28.56% to 28.54%.
       C:\Users\lorrea\Videos\FlipShare Data\Videos\VID03689.mp4 is no longer highly fragmented.

     Security
       2 malware identified and removed
       Trojan.Win32.Generic!BT was detected as Trojan and removed.
       Trojan.Win32.Generic!BT was detected as Trojan and removed.

     Stability
       Drivers were up to date (no action taken)
       3 registry fixes applied
  10. Java and Adobe have been updated. Below are the logs from the DDS Scan:
(x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0" mRun: [updateLBPShortCut] "C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5" mRun: [uCam_Menu] "C:Program Files (x86)CyberLinkYouCamMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkYouCam" UpdateWithCreateOnce "SoftwareCyberLinkYouCam2.0" mRun: [TkBellExe] "C:Program Files (x86)RealRealPlayerUpdaterealsched.exe" -osboot mRun: [QuickTime Plugin Install] "C:Program Files (x86)QuickTimePluginsDeleteMe1.exe" mRun: [QPService] "C:Program Files (x86)HPQuickPlayQPService.exe" mRun: [QlbCtrl.exe] "C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" /Start mRun: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray mRun: [iCF] "C:Program Files (x86)Internet Content FilterSafeEyes.exe" mRun: [HP Health Check Scheduler] c:Program Files (x86)Hewlett-PackardHP Health CheckHPHC_Scheduler.exe mRun: [Freecorder FLV Service] "C:Program Files (x86)FreecorderFLVSrvc.exe" /run mRun: [ccApp] "C:Program Files (x86)Common FilesSymantec SharedccApp.exe" mRun: [CarboniteSetupLite] "C:Program Files (x86)CarboniteCarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 mRun: [CanonSolutionMenuEx] "C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE" /logon mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun: [AppleSyncNotifier] C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe mRun: [info Center] "C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe" mRun: [mcagent_exe] "C:Program Files (x86)McAfee.comAgentmcagent.exe" /runkey mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" mRun: [<NO NAME>] mRun: [ApnUpdater] "C:Program Files 
(x86)Ask.comUpdaterUpdater.exe" mRunOnce: [Malwarebytes Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /install /silent StartupFolder: C:UserslorreaAppDataRoamingMICROS~1WindowsSTARTM~1ProgramsStartupJOBULA~1.LNK - C:Program Files (x86)JobulatorJobulator.exe StartupFolder: C:UserslorreaAppDataRoamingMICROS~1WindowsSTARTM~1ProgramsStartupYAHOO!~1.LNK - C:Program Files (x86)Yahoo!WidgetsYahooWidgets.exe StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupAUDIBL~1.LNK - C:Program Files (x86)AudibleBinAudibleDownloadHelper.exe StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupHPDIGI~1.LNK - C:Program Files (x86)HpDigital Imagingbinhpqtra08.exe StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupIMAGEM~1.LNK - C:Program Files (x86)PIXELAImageMixer 3 SE Ver.6Transfer UtilityCameraMonitor.exe StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupMCAFEE~1.LNK - C:Program Files (x86)McAfee Security Scan3.0.250SSScheduler.exe StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupSUBSID~1.LNK - C:Program Files (x86)Sub Sidekicksubsidekick.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:Program Files (x86)Javajre1.6.0_07binssv.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL 
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll LSP: C:WindowsSystem32icf.dll DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 TCP: Interfaces{0CA4EE89-1E16-4135-80DE-B7E4553CD477} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 TCP: Interfaces{4C49B35F-E7AF-40C8-9C33-4080F3F93CAB} : DhcpNameServer = 172.16.68.215 172.16.68.215 TCP: Interfaces{E658EB1E-040B-44C5-B679-4F23FC048BB0} : DhcpNameServer = 172.16.64.215 172.16.64.215 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:Program Files (x86)Common FilesLightScribeLSRunOnce.exe" BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:Program Files (x86)CanonEasy-WebPrint EXewpexbho.dll BHO-X64: Canon Easy-WebPrint EX BHO - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - 
Search & DestroySDHelper.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program Files (x86)Common FilesMcAfeeSystemCoreScriptSn.20111229134205.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:Program Files (x86)MSNToolbar3.0.0541.0msneshellx.dll BHO-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program Files (x86)Ask.comGenericAskToolbar.dll BHO-X64: Ask Toolbar BHO - No File BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:Program Files (x86)Yontoo Layers RuntimeYontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:Program Files (x86)MSNToolbar3.0.0541.0msneshellx.dll TB-X64: Safe &Eyes Toolbar: {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:Program Files (x86)Internet Content Filtersetoolbar.dll TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:Program Files (x86)CanonEasy-WebPrint EXewpexhlp.dll TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program Files (x86)Ask.comGenericAskToolbar.dll EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File mRun-x64: [WirelessAssistant] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe mRun-x64: [updatePSTShortCut] "C:Program Files (x86)CyberLinkDVD SuiteMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkDVD Suite" UpdateWithCreateOnce "SoftwareCyberLinkPowerStarter" 
mRun-x64: [updatePDIRShortCut] "C:Program Files (x86)CyberLinkPowerDirectorMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPowerDirector" UpdateWithCreateOnce "SOFTWARECyberLinkPowerDirector7.0" mRun-x64: [updateP2GoShortCut] "C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0" mRun-x64: [updateLBPShortCut] "C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5" mRun-x64: [uCam_Menu] "C:Program Files (x86)CyberLinkYouCamMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkYouCam" UpdateWithCreateOnce "SoftwareCyberLinkYouCam2.0" mRun-x64: [TkBellExe] "C:Program Files (x86)RealRealPlayerUpdaterealsched.exe" -osboot mRun-x64: [QuickTime Plugin Install] "C:Program Files (x86)QuickTimePluginsDeleteMe1.exe" mRun-x64: [QPService] "C:Program Files (x86)HPQuickPlayQPService.exe" mRun-x64: [QlbCtrl.exe] "C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" /Start mRun-x64: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray mRun-x64: [iCF] "C:Program Files (x86)Internet Content FilterSafeEyes.exe" mRun-x64: [HP Health Check Scheduler] c:Program Files (x86)Hewlett-PackardHP Health CheckHPHC_Scheduler.exe mRun-x64: [Freecorder FLV Service] "C:Program Files (x86)FreecorderFLVSrvc.exe" /run mRun-x64: [ccApp] "C:Program Files (x86)Common FilesSymantec SharedccApp.exe" mRun-x64: [CarboniteSetupLite] "C:Program Files (x86)CarboniteCarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 mRun-x64: [CanonSolutionMenuEx] "C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE" /logon mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun-x64: [AppleSyncNotifier] C:Program Files (x86)Common FilesAppleMobile Device 
SupportAppleSyncNotifier.exe mRun-x64: [info Center] "C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe" mRun-x64: [mcagent_exe] "C:Program Files (x86)McAfee.comAgentmcagent.exe" /runkey mRun-x64: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" mRun-x64: [(Default)] mRun-x64: [ApnUpdater] "C:Program Files (x86)Ask.comUpdaterUpdater.exe" mRunOnce-x64: [Malwarebytes Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /install /silent SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:UserslorreaAppDataRoamingMozillaFirefoxProfilesizf5kge9.default FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110940,16900,0,21,0 FF - plugin: C:Program Files (x86)CanonEasy-PhotoPrint EXNPEZFFPI.DLL FF - plugin: C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll FF - plugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll FF - plugin: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll FF - plugin: C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll FF - plugin: C:Program Files (x86)McAfeeSupportabilityMVTNPMVTPlugin.dll FF - plugin: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrlui.dll FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpCouponPrinter.dll FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpdeployJava1.dll FF - plugin: C:Program Files (x86)Mozilla Firefoxpluginsnpdnu.dll FF - plugin: C:Program Files (x86)Mozilla Firefoxpluginsnpdnupdater2.dll FF - plugin: C:Program Files (x86)Mozilla Firefoxpluginsnpyaxmpb.dll FF - 
plugin: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll FF - plugin: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll FF - plugin: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll FF - plugin: C:UserslorreaAppDataLocalRobloxVersionsversion-7abe764230c5492dNPRobloxProxy.dll FF - plugin: C:UserslorreaAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(extentions.y2layers.installId, e8854a5b-128e-4e49-b611-49f3a4ae7184 FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals, . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:Windowssystem32driversmfehidk.sys --> C:Windowssystem32driversmfehidk.sys [?] R1 mfewfpk;McAfee Inc. mfewfpk;C:Windowssystem32driversmfewfpk.sys --> C:Windowssystem32driversmfewfpk.sys [?] R1 SASDIFSV;SASDIFSV;C:Program FilesSUPERAntiSpywaresasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:Program FilesSUPERAntiSpywaresaskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:Program FilesSUPERAntiSpywareSASCore64.exe [2011-8-11 140672] R2 FontCache;Windows Font Cache Service;C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 mfevtp;McAfee Validation Trust Protection Service;"C:Windowssystem32mfevtps.exe" --> C:Windowssystem32mfevtps.exe [?] 
R2 SBSDWSCService;SBSD Security Center Service;C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe [2012-1-5 1153368] R3 CAXHWAZL;CAXHWAZL;C:Windowssystem32DRIVERSCAXHWAZL.sys --> C:Windowssystem32DRIVERSCAXHWAZL.sys [?] R3 Com4QLBEx;Com4QLBEx;C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe [2009-4-20 227896] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:Windowssystem32driversIntcHdmi.sys --> C:Windowssystem32driversIntcHdmi.sys [?] R3 MBAMProtector;MBAMProtector;??C:Windowssystem32driversmbam.sys --> C:Windowssystem32driversmbam.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:Windowssystem32driversmfeavfk.sys --> C:Windowssystem32driversmfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:Windowssystem32driversmfefirek.sys --> C:Windowssystem32driversmfefirek.sys [?] R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:Windowssystem32DRIVERSNETw5v64.sys --> C:Windowssystem32DRIVERSNETw5v64.sys [?] S2 0111611325191259mcinstcleanup;McAfee Application Installer Cleanup (0111611325191259);C:WindowsTEMP011161~1.EXE C:PROGRA~2COMMON~1McAfeeINSTAL~1cleanup.ini -cleanup -nolog -service --> C:WindowsTEMP011161~1.EXE C:PROGRA~2COMMON~1McAfeeINSTAL~1cleanup.ini -cleanup -nolog -service [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576] S2 DVDRIVER;DVdriver;C:Windowssystem32DRIVERSdvdriver.sys --> C:Windowssystem32DRIVERSdvdriver.sys [?] 
S2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-11-7 652872] S2 McShield;McAfee Real-time Scanner;C:PROGRA~1McAfeeVIRUSS~1McShield.exe [2011-12-29 156480] S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:Program Files (x86)AdobePhotoshop Elements 7.0PhotoshopElementsFileAgent.exe [2008-9-16 169312] S3 Akamai;Akamai NetSession Interface;C:WindowsSystem32svchost.exe -k Akamai [2008-1-20 21504] S3 FlipShareServer;FlipShare Server;C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2011-5-6 1085440] S3 fssfltr;FssFltr;C:Windowssystem32DRIVERSfssfltr.sys --> C:Windowssystem32DRIVERSfssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:Program Files (x86)Windows LiveFamily Safetyfsssvc.exe [2010-9-23 1493352] S3 gupdate;Google Update Service (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-3-14 136176] S3 gupdatem;Google Update Service (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-3-14 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:Program Files (x86)McAfee Security Scan3.0.250McCHSvc.exe [2011-12-9 237272] S3 McSysmon;McAfee SystemGuards;C:PROGRA~2McAfeeVIRUSS~1mcsysmon.exe [2011-12-29 606736] S3 mferkdet;McAfee Inc. mferkdet;C:Windowssystem32driversmferkdet.sys --> C:Windowssystem32driversmferkdet.sys [?] S3 mferkdk;McAfee Inc. mferkdk;C:Windowssystem32driversmferkdk.sys --> C:Windowssystem32driversmferkdk.sys [?] S3 mfesmfk;McAfee Inc. mfesmfk;C:Windowssystem32driversmfesmfk.sys --> C:Windowssystem32driversmfesmfk.sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;C:Windowssystem32DRIVERSnetaapl64.sys --> C:Windowssystem32DRIVERSnetaapl64.sys [?] S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:Windowssystem32DRIVERSNETw3v64.sys --> C:Windowssystem32DRIVERSNETw3v64.sys [?] 
S3 PCPitstop Scheduling;PCPitstop Scheduling;C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe [2011-12-25 91816] S3 PerfHost;Performance Counter DLL Host;C:WindowsSysWOW64perfhost.exe [2008-1-20 19968] S3 Recovery Service for Windows;Recovery Service for Windows;C:Program Files (x86)SMINSTBLService.exe [2009-4-20 365952] S3 seUpdateSvc;Safe Eyes Update Service;C:Program Files (x86)Internet Content FilterUpdateService.exe [2010-8-3 233472] S3 USBAAPL64;Apple Mobile USB Driver;C:Windowssystem32Driversusbaapl64.sys --> C:Windowssystem32Driversusbaapl64.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:WindowsMicrosoft.NETFramework64v4.0.30319WPFWPFFontCache_v0400.exe [2010-3-18 1020768] S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:Windowssystem32DRIVERSyk60x64.sys --> C:Windowssystem32DRIVERSyk60x64.sys [?] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe [2011-4-29 89920] S4 wlcrasvc;Windows Live Mesh remote connections service;C:Program FilesWindows LiveMeshwlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . JSEFile=C:WindowsSysWOW64WScript.exe "%1" %* . =============== Created Last 30 ================ . 
2012-01-11 19:55:18 750488 ----a-w- C:WindowsSystem32npdeployJava1.dll 2012-01-11 19:55:18 660368 ----a-w- C:WindowsSystem32deployJava1.dll 2012-01-11 19:45:08 -------- d-----w- C:Program Files (x86)Ask.com 2012-01-11 19:44:56 -------- d-----w- C:UserslorreaAppDataLocalAPN 2012-01-11 19:44:44 -------- d-----w- C:Program Files (x86)Foxit Software 2012-01-11 17:35:44 626688 ----a-w- C:Program Files (x86)Mozilla Firefoxmsvcr80.dll 2012-01-11 17:35:44 548864 ----a-w- C:Program Files (x86)Mozilla Firefoxmsvcp80.dll 2012-01-11 17:35:44 479232 ----a-w- C:Program Files (x86)Mozilla Firefoxmsvcm80.dll 2012-01-11 17:35:44 43992 ----a-w- C:Program Files (x86)Mozilla Firefoxmozutils.dll 2012-01-10 16:03:01 -------- d-----w- C:Program Files (x86)ESET 2012-01-09 20:44:27 98816 ----a-w- C:Windowssed.exe 2012-01-09 20:44:27 518144 ----a-w- C:WindowsSWREG.exe 2012-01-09 20:44:27 256000 ----a-w- C:WindowsPEV.exe 2012-01-09 20:44:27 208896 ----a-w- C:WindowsMBR.exe 2012-01-09 15:21:19 388096 ----a-r- C:UserslorreaAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-01-09 15:21:19 -------- d-----w- C:Program Files (x86)Trend Micro 2012-01-09 05:09:11 -------- d-----w- C:UserslorreaAppDataRoamingSUPERAntiSpyware.com 2012-01-09 05:08:53 -------- d-----w- C:ProgramDataSUPERAntiSpyware.com 2012-01-09 05:08:53 -------- d-----w- C:Program FilesSUPERAntiSpyware 2012-01-06 20:56:28 -------- d-----w- C:UserslorreaAppDataLocalCrashDumps 2012-01-06 02:01:23 -------- d-----w- C:ProgramDataSpybot - Search & Destroy 2012-01-06 02:01:23 -------- d-----w- C:Program Files (x86)Spybot - Search & Destroy 2012-01-06 01:58:15 -------- d-----w- C:Program FilesiPod 2012-01-06 01:54:51 -------- d-----w- C:Program FilesiTunes 2012-01-05 12:47:30 -------- d-----w- C:UserslorreaAppDataLocalNPE 2012-01-05 00:39:08 41160 ----a-w- C:WindowsSystem32driversmferkdk.sys 2012-01-04 03:21:44 -------- d-----w- C:UserslorreaAppDataLocalOpera 2012-01-04 00:56:43 -------- d-----w- 
C:UserslorreaAppDataLocalSecunia PSI 2012-01-04 00:55:39 -------- d-----w- C:Program Files (x86)Secunia 2012-01-02 06:33:37 -------- d-----w- C:UserslorreaAppDataRoamingRealNetworks 2012-01-01 16:59:29 -------- d-----w- C:Program FilesiPod(172) 2011-12-29 20:43:26 -------- d-----w- C:Program FilesMcAfee.com 2011-12-29 20:42:05 28760 ----a-w- C:Program Files (x86)Mozilla FirefoxScriptFF.dll 2011-12-29 20:42:03 10248 ----a-w- C:WindowsSystem32driversmfeclnk.sys 2011-12-29 20:41:26 161168 ----a-w- C:WindowsSystem32mfevtps.exe 2011-12-29 20:41:21 647080 ----a-w- C:WindowsSystem32driversmfehidk.sys 2011-12-29 20:41:21 481768 ----a-w- C:WindowsSystem32driversmfefirek.sys 2011-12-29 20:41:21 284648 ----a-w- C:WindowsSystem32driversmfewfpk.sys 2011-12-29 20:41:21 229528 ----a-w- C:WindowsSystem32driversmfeavfk.sys 2011-12-29 20:41:21 160280 ----a-w- C:WindowsSystem32driversmfeapfk.sys 2011-12-29 20:41:21 100912 ----a-w- C:WindowsSystem32driversmferkdet.sys 2011-12-29 15:10:01 49608 ----a-w- C:WindowsSystem32driversmfesmfk.sys 2011-12-29 14:28:26 -------- d-----w- C:UserslorreaAppDataRoamingMcAfee 2011-12-29 14:23:53 -------- d-----w- C:Program Files (x86)Common FilesMcAfee 2011-12-29 14:23:49 -------- d-----w- C:Program FilesMcAfee 2011-12-29 14:23:48 -------- d-----w- C:Program FilesCommon FilesMcAfee 2011-12-29 14:23:48 -------- d-----w- C:Program Files (x86)McAfee.com 2011-12-29 14:23:45 -------- d-----w- C:Program Files (x86)McAfee 2011-12-25 22:53:29 -------- d-----w- C:ProgramDataPCPitstopDat 2011-12-25 22:19:40 -------- d-----w- C:ProgramDataPCPitstop 2011-12-25 22:19:38 -------- d-----w- C:Program Files (x86)PCPitstop 2011-12-25 02:15:29 -------- d-----w- C:UserslorreaAppDataLocalSymantec 2011-12-25 02:15:22 225328 ----a-w- C:WindowsSystem32driverswpshelper.sys 2011-12-25 02:13:01 172592 ----a-w- C:WindowsSystem32driversSYMEVENT64x86.SYS 2011-12-25 02:11:52 -------- d-----w- C:Program FilesSymantec 2011-12-25 02:11:08 -------- d-----w- C:Program FilesCommon 
FilesSymantec Shared 2011-12-25 02:11:07 -------- d-----w- C:Program Files (x86)Symantec 2011-12-23 08:55:43 8822856 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{BAE9E356-0E0B-4DC2-B369-368225CEFB49}mpengine.dll 2011-12-21 21:34:59 -------- d-----w- C:UserslorreaAppDataRoamingcom.blueprintcentral.keywordblaze 2011-12-21 21:34:51 -------- d-----w- C:Program Files (x86)KeywordBlaze 2011-12-14 22:48:33 85504 ----a-w- C:WindowsSystem32csrsrv.dll 2011-12-14 22:47:58 2048 ----a-w- C:WindowsSysWow64tzres.dll 2011-12-14 22:47:58 2048 ----a-w- C:WindowsSystem32tzres.dll 2011-12-14 22:47:48 559616 ----a-w- C:WindowsSystem32EncDec.dll 2011-12-14 22:47:48 429056 ----a-w- C:WindowsSysWow64EncDec.dll 2011-12-14 22:47:46 2764800 ----a-w- C:WindowsSystem32win32k.sys 2011-12-14 22:46:03 2409784 ----a-w- C:Program FilesWindows MailOESpamFilter.dat 2011-12-14 22:46:03 2409784 ----a-w- C:Program Files (x86)Windows MailOESpamFilter.dat . ==================== Find3M ==================== . 2011-12-21 21:33:08 414368 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl 2011-12-10 22:24:08 23152 ----a-w- C:WindowsSystem32driversmbam.sys 2011-11-04 01:53:39 2309120 ----a-w- C:WindowsSystem32jscript9.dll 2011-11-04 01:44:47 1390080 ----a-w- C:WindowsSystem32wininet.dll 2011-11-04 01:44:21 1493504 ----a-w- C:WindowsSystem32inetcpl.cpl 2011-11-04 01:34:43 2382848 ----a-w- C:WindowsSystem32mshtml.tlb 2011-11-03 22:47:42 1798144 ----a-w- C:WindowsSysWow64jscript9.dll 2011-11-03 22:40:21 1427456 ----a-w- C:WindowsSysWow64inetcpl.cpl 2011-11-03 22:39:47 1127424 ----a-w- C:WindowsSysWow64wininet.dll 2011-11-03 22:31:57 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb 2011-10-24 21:29:02 94208 ----a-w- C:WindowsSysWow64QuickTimeVR.qtx 2011-10-24 21:29:02 69632 ----a-w- C:WindowsSysWow64QuickTime.qts . ============= FINISH: 12:57:26.92 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . 
Microsoft® Windows Vista™ Home Premium Boot Device: DeviceHarddiskVolume1 Install Date: 8/10/2009 8:45:25 AM System Uptime: 1/9/2012 2:17:29 PM (46 hours ago) . Motherboard: Wistron | | 3612 Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | CPU | 2100/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 286 GiB total, 21.154 GiB free. D: is FIXED (NTFS) - 12 GiB total, 1.955 GiB free. E: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart C6100 series Device ID: ROOTMULTIFUNCTION0000 Manufacturer: HP Name: Photosmart C6100 series PNP Device ID: ROOTMULTIFUNCTION0000 Service: . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart C7200 series Device ID: ROOTMULTIFUNCTION0001 Manufacturer: HP Name: Photosmart C7200 series PNP Device ID: ROOTMULTIFUNCTION0001 Service: . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart C6100 series Device ID: ROOTMULTIFUNCTION0002 Manufacturer: HP Name: Photosmart C6100 series PNP Device ID: ROOTMULTIFUNCTION0002 Service: . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart D110 series Device ID: ROOTMULTIFUNCTION0003 Manufacturer: HP Name: Photosmart D110 series PNP Device ID: ROOTMULTIFUNCTION0003 Service: . ==== System Restore Points =================== . RP683: 1/7/2012 2:00:17 PM - Windows Update RP684: 1/9/2012 6:52:49 AM - Scheduled Checkpoint RP685: 1/9/2012 8:18:59 AM - Installed HiJackThis RP686: 1/11/2012 7:20:16 AM - Scheduled Checkpoint RP687: 1/11/2012 12:39:59 PM - Removed Adobe Reader 9.4.4. RP688: 1/11/2012 12:47:05 PM - Removed Java 6 Update 29 RP689: 1/11/2012 12:54:39 PM - Installed Java 7 Update 2 (64-bit) . ==== Installed Programs ====================== . . 
  12. Updated Log Happy I wasn't awake to know it finally got finished :-)!
  13. This is the log that was produced...Just so you know one of my kids touched the keyboard a few minutes ago and the screen indicated that the scan had been stopped by the user. If you want me to redo the scan please let me know.
  14. Here is the Malware Bytes Log, I am working on the ESAT scan now.
  15. ComboFix 12-01-09.07 - lorrea 01/10/2012 7:22.3.2 - x64