
Hello, and thank you for looking! I have been getting a regular report of a Trojan removal from PCPitstop. I went through the suggested removal steps via the virus removal post. I ran Malwarebytes, Norton Power Eraser, Spybot and SUPERAntiSpyware, in the order listed, in an attempt to remove this suspicious Trojan that keeps reappearing, but it is still present in my PCPitstop results. I am hoping you can help me get rid of this finally. Below is my HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:22:18 AM, on 1/9/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Users\lorrea\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.250\SSScheduler.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe
C:\Users\lorrea\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229134205.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (file missing)
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files (x86)\Internet Content Filter\setoolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Plugin Install] "C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iCF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKLM\..\Run: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [info Center] "C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PhotoshopElementsSyncAgent] C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe
O4 - HKCU\..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\lorrea\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Jobulator.lnk = C:\Program Files (x86)\Jobulator\Jobulator.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.6.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.250\SSScheduler.exe
O4 - Global Startup: Sub Sidekick.lnk = C:\Program Files (x86)\Sub Sidekick\subsidekick.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: McAfee Application Installer Cleanup (0111611325191259) (0111611325191259mcinstcleanup) - Unknown owner - C:\Windows\TEMP\011161~1.EXE (file missing)
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.250\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Safe Eyes Update Service (seUpdateSvc) - InternetSafety.com, Inc. - C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 18946 bytes

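Helpers on threads like this read a HijackThis log by hand, section by section. As an added example (not code from the thread, from HijackThis or from any tool named in it), here is a small Python triage pass over a few entries copied from the log above; it flags the patterns an analyst stops on first (registrations whose file is missing, Winsock LSP entries HijackThis does not recognise, services with no publisher running from a writable directory) and records the known caveat that a 32-bit HijackThis on 64-bit Windows reports many System32 services as "file missing". The weights and the sample selection are constructed for illustration.

```python
"""Triage pass over HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (file missing)
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\lorrea\AppData\Local\Akamai\netsession_win.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
O23 - Service: McAfee Application Installer Cleanup (0111611325191259) (0111611325191259mcinstcleanup) - Unknown owner - C:\Windows\TEMP\011161~1.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""


@dataclass
class Finding:
    section: str    # HijackThis section tag, e.g. "O23"
    weight: int     # 1 = low signal, 2 = worth a look, 3 = check first (constructed scale)
    reason: str     # why an analyst would stop on this line
    line: str
    count: int = 1  # identical entries collapsed into this finding


ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# System32 paths, literal or via %SystemRoot%: a 32-bit HijackThis is redirected
# to SysWOW64 on 64-bit Windows and then cannot see these files.
SYSTEM32 = re.compile(r"(?:C:|%SystemRoot%)\\(?:Windows\\)?System32\\", re.IGNORECASE)
# Directories a standard user can write to. Legitimate software lives there too,
# so a match raises priority for review rather than deciding anything.
USER_WRITABLE = re.compile(r"\\(?:TEMP|AppData)\\", re.IGNORECASE)


def triage_line(line: str, wow64: bool) -> list[Finding]:
    """Return the review points for one log entry (empty list if nothing stands out)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    out: list[Finding] = []
    if "(file missing)" in body:
        if sec == "O23" and wow64 and SYSTEM32.search(body):
            out.append(Finding(sec, 1, "System32 service reported missing: expected noise from a "
                                       "32-bit HijackThis on 64-bit Windows", line))
        else:
            out.append(Finding(sec, 2, "registered component whose file is absent: stale "
                                       "registration, or something a scanner already removed", line))
    if sec == "O10":
        out.append(Finding(sec, 2, "Winsock LSP that HijackThis does not recognise: identify the "
                                   "owning product first, removing a live LSP breaks networking", line))
    if sec == "O23" and "Unknown owner" in body and USER_WRITABLE.search(body):
        out.append(Finding(sec, 3, "service with no publisher whose binary sits in a "
                                   "user-writable directory", line))
    if sec == "O4" and USER_WRITABLE.search(body):
        out.append(Finding(sec, 2, "autorun entry launching from a user-writable directory", line))
    return out


def triage(log_text: str) -> list[Finding]:
    """Triage a whole log: collapse repeated identical entries and sort by weight."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    # Heuristic: "Program Files (x86)" in the log means 64-bit Windows, which is
    # when the redirection caveat for "file missing" applies.
    wow64 = any("Program Files (x86)" in l for l in lines)
    merged: dict[tuple[str, str], Finding] = {}
    for l in lines:
        for f in triage_line(l, wow64):
            key = (f.reason, l.strip())
            if key in merged:
                merged[key].count += 1
            else:
                merged[key] = f
    return sorted(merged.values(), key=lambda f: -f.weight)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.weight}] {f.section} x{f.count}: {f.reason}\n      {f.line.strip()}")
```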

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.

  • Please subscribe to this topic, if you haven't already.

  • The fixes are specific to your problem and should only be used for the issues on this machine.

  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

  • It's often worth reading through these instructions and printing them for ease of reference.

  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

 

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (right-click, choose "Run as Administrator").

 

Stay with this topic until I give you the all clean post.

----------

 

 

Please download DDS from either of these links

 

LINK 1

LINK 2

 

and save it to your desktop.

  • Disable any script blocking protection
  • Right-click dds and choose Run as Administrator to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

 

DDS.txt

 

Attach.txt

----------

 

 

Please download aswMBR to your desktop.

  • Right-click the aswMBR icon and choose Run as Administrator to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

 

In your next reply please post the logs created by DDS and aswMBR.exe :)


DDS Logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by lorrea at 9:02:01 on 2012-01-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2094 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Users\lorrea\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.250\SSScheduler.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\splwow64.exe
C:\Users\lorrea\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229134205.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - C:\Program Files (x86)\Internet Content Filter\setoolbar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [PhotoshopElementsSyncAgent] C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [Akamai NetSession Interface] "C:\Users\lorrea\AppData\Local\Akamai\netsession_win.exe"
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [QuickTime Plugin Install] "C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iCF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [info Center] "C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe"
mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\lorrea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JOBULA~1.LNK - C:\Program Files (x86)\Jobulator\Jobulator.exe
StartupFolder: C:\Users\lorrea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.250\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SUBSID~1.LNK - C:\Program Files (x86)\Sub Sidekick\subsidekick.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll

LSP: C:WindowsSystem32icf.dll

LSP: mswsock.dll

Trusted Zone: internet

Trusted Zone: intuit.comttlc

Trusted Zone: mcafee.com

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces{0CA4EE89-1E16-4135-80DE-B7E4553CD477} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces{4C49B35F-E7AF-40C8-9C33-4080F3F93CAB} : DhcpNameServer = 172.16.68.215 172.16.68.215

TCP: Interfaces{E658EB1E-040B-44C5-B679-4F23FC048BB0} : DhcpNameServer = 172.16.64.215 172.16.64.215

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:Program Files (x86)Common FilesLightScribeLSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:Program Files (x86)CanonEasy-WebPrint EXewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program Files (x86)Common FilesMcAfeeSystemCoreScriptSn.20111229134205.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:Program Files (x86)MSNToolbar3.0.0541.0msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:Program Files (x86)Yontoo Layers RuntimeYontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:Program Files (x86)MSNToolbar3.0.0541.0msneshellx.dll

TB-X64: Safe &Eyes Toolbar: {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:Program Files (x86)Internet Content Filtersetoolbar.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:Program Files (x86)CanonEasy-WebPrint EXewpexhlp.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [WirelessAssistant] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe

mRun-x64: [updatePSTShortCut] "C:Program Files (x86)CyberLinkDVD SuiteMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkDVD Suite" UpdateWithCreateOnce "SoftwareCyberLinkPowerStarter"

mRun-x64: [updatePDIRShortCut] "C:Program Files (x86)CyberLinkPowerDirectorMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPowerDirector" UpdateWithCreateOnce "SOFTWARECyberLinkPowerDirector7.0"

mRun-x64: [updateP2GoShortCut] "C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0"

mRun-x64: [updateLBPShortCut] "C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5"

mRun-x64: [uCam_Menu] "C:Program Files (x86)CyberLinkYouCamMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkYouCam" UpdateWithCreateOnce "SoftwareCyberLinkYouCam2.0"

mRun-x64: [TkBellExe] "C:Program Files (x86)RealRealPlayerUpdaterealsched.exe" -osboot

mRun-x64: [QuickTime Plugin Install] "C:Program Files (x86)QuickTimePluginsDeleteMe1.exe"

mRun-x64: [QPService] "C:Program Files (x86)HPQuickPlayQPService.exe"

mRun-x64: [QlbCtrl.exe] "C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" /Start

mRun-x64: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray

mRun-x64: [iCF] "C:Program Files (x86)Internet Content FilterSafeEyes.exe"

mRun-x64: [HP Health Check Scheduler] c:Program Files (x86)Hewlett-PackardHP Health CheckHPHC_Scheduler.exe

mRun-x64: [Freecorder FLV Service] "C:Program Files (x86)FreecorderFLVSrvc.exe" /run

mRun-x64: [ccApp] "C:Program Files (x86)Common FilesSymantec SharedccApp.exe"

mRun-x64: [CarboniteSetupLite] "C:Program Files (x86)CarboniteCarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800

mRun-x64: [CanonSolutionMenuEx] "C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE" /logon

mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun-x64: [AppleSyncNotifier] C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe

mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun-x64: [info Center] "C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe"

mRun-x64: [mcagent_exe] "C:Program Files (x86)McAfee.comAgentmcagent.exe" /runkey

mRun-x64: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\lorrea\AppData\Roaming\Mozilla\Firefox\Profiles\izf5kge9.default

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110940,16900,0,21,0

FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=spkyf-1.6.0&src=ab&aid=8z2Na14dwW00gq&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\lorrea\AppData\Local\Roblox\Versions\version-7abe764230c5492d\NPRobloxProxy.dll

FF - plugin: C:\Users\lorrea\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(extentions.y2layers.installId, e8854a5b-128e-4e49-b611-49f3a4ae7184

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-5 1153368]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-20 227896]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

S2 0111611325191259mcinstcleanup;McAfee Application Installer Cleanup (0111611325191259);C:\Windows\TEMP\011161~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\011161~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DVDRIVER;DVdriver;C:\Windows\system32\DRIVERS\dvdriver.sys --> C:\Windows\system32\DRIVERS\dvdriver.sys [?]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-7 366152]

S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe [2011-12-29 156480]

S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

S3 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]

S3 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-14 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-14 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.250\McCHSvc.exe [2011-12-9 237272]

S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2011-12-29 606736]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]

S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2011-6-1 34064]

S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-12-25 91816]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]

S3 seUpdateSvc;Safe Eyes Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2010-8-3 233472]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-4-29 89920]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-01-09 15:21:19 388096 ----a-r- C:\Users\lorrea\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-09 15:21:19 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-01-09 05:09:11 -------- d-----w- C:\Users\lorrea\AppData\Roaming\SUPERAntiSpyware.com

2012-01-09 05:08:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-01-09 05:08:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-01-06 20:56:28 -------- d-----w- C:\Users\lorrea\AppData\Local\CrashDumps

2012-01-06 02:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-01-06 02:01:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-01-06 01:58:15 -------- d-----w- C:\Program Files\iPod

2012-01-06 01:54:51 -------- d-----w- C:\Program Files\iTunes

2012-01-05 12:47:30 -------- d-----w- C:\Users\lorrea\AppData\Local\NPE

2012-01-05 00:39:08 41160 ----a-w- C:\Windows\System32\drivers\mferkdk.sys

2012-01-04 03:21:44 -------- d-----w- C:\Users\lorrea\AppData\Local\Opera

2012-01-04 00:56:43 -------- d-----w- C:\Users\lorrea\AppData\Local\Secunia PSI

2012-01-04 00:55:39 -------- d-----w- C:\Program Files (x86)\Secunia

2012-01-02 06:33:37 -------- d-----w- C:\Users\lorrea\AppData\Roaming\RealNetworks

2012-01-01 16:59:29 -------- d-----w- C:\Program Files\iPod(172)

2011-12-29 20:43:26 -------- d-----w- C:\Program Files\McAfee.com

2011-12-29 20:42:05 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2011-12-29 20:42:03 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-12-29 20:41:26 161168 ----a-w- C:\Windows\System32\mfevtps.exe

2011-12-29 20:41:21 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-12-29 20:41:21 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-12-29 20:41:21 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-12-29 20:41:21 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-12-29 20:41:21 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-12-29 20:41:21 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-12-29 15:10:01 49608 ----a-w- C:\Windows\System32\drivers\mfesmfk.sys

2011-12-29 14:28:26 -------- d-----w- C:\Users\lorrea\AppData\Roaming\McAfee

2011-12-29 14:23:53 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee

2011-12-29 14:23:49 -------- d-----w- C:\Program Files\McAfee

2011-12-29 14:23:48 -------- d-----w- C:\Program Files\Common Files\McAfee

2011-12-29 14:23:48 -------- d-----w- C:\Program Files (x86)\McAfee.com

2011-12-29 14:23:45 -------- d-----w- C:\Program Files (x86)\McAfee

2011-12-25 22:53:29 -------- d-----w- C:\ProgramData\PCPitstop\Dat

2011-12-25 22:19:40 -------- d-----w- C:\ProgramData\PCPitstop

2011-12-25 22:19:38 -------- d-----w- C:\Program Files (x86)\PCPitstop

2011-12-25 02:15:29 -------- d-----w- C:\Users\lorrea\AppData\Local\Symantec

2011-12-25 02:15:22 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys

2011-12-25 02:13:01 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-12-25 02:11:52 -------- d-----w- C:\Program Files\Symantec

2011-12-25 02:11:08 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2011-12-25 02:11:07 -------- d-----w- C:\Program Files (x86)\Symantec

2011-12-24 01:34:57 -------- d-----w- C:\Users\lorrea\AppData\Local\{3C5C8126-04A2-4EE3-ACFF-3C71A654A151}

2011-12-24 01:34:23 -------- d-----w- C:\Users\lorrea\AppData\Local\{81F36AA0-E58B-4D5B-A995-3CCDF4DF7B5E}

2011-12-23 08:55:43 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAE9E356-0E0B-4DC2-B369-368225CEFB49}\mpengine.dll

2011-12-21 21:34:59 -------- d-----w- C:\Users\lorrea\AppData\Roaming\com.blueprintcentral.keywordblaze

2011-12-21 21:34:51 -------- d-----w- C:\Program Files (x86)\KeywordBlaze

2011-12-21 21:33:11 -------- d-----we C:\Windows\system64

2011-12-19 15:48:36 -------- d-----w- C:\Users\lorrea\AppData\Local\{0F4016F3-9A40-446B-8D66-93AE72120587}

2011-12-19 15:48:23 -------- d-----w- C:\Users\lorrea\AppData\Local\{786856A9-1B79-4F78-AA28-4C6D691DFB1D}

2011-12-18 14:01:31 -------- d-----w- C:\Users\lorrea\AppData\Local\{541BADC1-2A31-4944-AAB3-656AB77F6F20}

2011-12-18 14:01:08 -------- d-----w- C:\Users\lorrea\AppData\Local\{9DA6096C-0033-4E33-8C85-2B1310B91CC0}

2011-12-14 22:48:33 85504 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 22:47:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 22:47:58 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-14 22:47:48 559616 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-14 22:47:48 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-14 22:47:46 2764800 ----a-w- C:\Windows\System32\win32k.sys

2011-12-14 22:46:03 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-12-14 22:46:03 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-12-21 21:33:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 23:35:42 72080 ----a-w- C:\Users\lorrea\g2mdlhlpx.exe

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-24 21:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 21:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 9:02:58.65 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/10/2009 8:45:25 AM

System Uptime: 1/9/2012 7:42:45 AM (2 hours ago)

.

Motherboard: Wistron | | 3612

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | CPU | 2100/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 20.367 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.955 GiB free.

E: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C6100 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C6100 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C7200 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Photosmart C7200 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C6100 series

Device ID: ROOT\MULTIFUNCTION\0002

Manufacturer: HP

Name: Photosmart C6100 series

PNP Device ID: ROOT\MULTIFUNCTION\0002

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service:

.

==== System Restore Points ===================

.

RP682: 1/6/2012 2:00:17 PM - Windows Update

RP683: 1/7/2012 2:00:17 PM - Windows Update

RP684: 1/9/2012 6:52:49 AM - Scheduled Checkpoint

RP685: 1/9/2012 8:18:59 AM - Installed HiJackThis

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

3ivx MPEG-4 5.0.3 (remove only)

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe ConnectNow Add-in

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 7.0

Adobe Photoshop.com Inspiration Browser

Adobe Reader 9.4.4

Adobe Shockwave Player 11.5

AIO_CDA_ProductContext

AIO_CDA_Software

AIO_Scan

Akamai NetSession Interface

Akamai NetSession Interface Service

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

Audacity 1.3.12 (Unicode)

Audible Download Manager

AviSynth 2.5

AVS Update Manager 1.0

AVS Video Converter 7

AVS4YOU Software Navigator 1.4

Belkin N+ Wireless USB Adapter

Blender (remove only)

BufferChm

C6100

c6100_Help

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 4.0

Canon MP280 series User Registration

Canon My Printer

Canon Solution Menu EX

Carbonite Online Backup Setup

Charlie Church Mouse Kindergarten 1.0

Charlie Church Mouse Preschool 1.2

Clip Art Collection

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

Cozi Outlook Toolbar

CustomerResearchQFolder

CyberLink DVD Suite

CyberLink YouCam

D3DX10

Destinations

DeviceManagementQFolder

DocProc

DocProcQFolder

Download Updater (AOL LLC)

DVD Decrypter (Remove Only)

ESU for Microsoft Vista

eSupportQFolder

Fax

FileZilla Client 3.5.0

FlipShare

Freecorder 5

Google Chrome

Google Earth Plug-in

Google Update Helper

GoToMeeting 4.8.0.723

GPL Ghostscript Lite 8.70

Handbrake 0.9.4

HiJackThis

Homeschool Tracker Basic

Homeschool Tracker Plus

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Advisor

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.7

HP Help and Support

HP Photosmart Essential

HP Product Assistant

HP Quick Launch Buttons

HP Total Care Setup

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPProductAssistant

HPSSupply

ImageMixer 3 SE Ver.6 Transfer Utility

ImageMixer 3 SE Ver.6 Video Tools

Info Center 1.0.0.7

iSEEK AnswerWorks English Runtime

Java Auto Updater

Java 6 Update 29

Java 6 Update 7

Jing

Jobulator

Junk Mail filter update

Juno Preloader

Keyword Blaze

Keyword Blueprint 2

KeywordBlueprint

LabelCreator Pro

LabelPrint

LEGO Digital Designer

LightScribe System Software 1.14.17.1

LightScribe Template Labeler

Livestream Procaster

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

McAfee Security Scan Plus

McAfee SecurityCenter

McAfee Virtual Technician

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Works

Mozilla Firefox 7.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

My HP Games

NetAssistant

NetAssistant for Firefox

NetWaiting

NetZero Preloader

Nvu 1.0PR

Omron Health Management Software

PC Matic 1.1.0.44

Power2Go

PowerDirector

Punctuation Puzzler Commas and More A1

QLBCASL

Quarter Mile Math Level 2

Quicken 2008

QuickTime

Readerware

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Roblox for lorrea

Safari

Safe Eyes

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Segoe UI

SmartSound Quicktracks for Premiere Elements 8.0

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

SPORE Creature Creator Trial Edition

Spybot - Search & Destroy

Status

Sub Sidekick

Timez Attack Launcher

Toolbox

TrayApp

TurboTax 2008

TurboTax 2008 waziper

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 waziper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 waziper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TweetDeck

Unity Web Player

UnloadSupport

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Videora iPod Converter 5.04

Vimeo Uploader

Visual Studio 2005 Tools for Office Second Edition Runtime

WD Diagnostics

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

XPS2OneNote

Yahoo! Install Manager

Yahoo! Widgets

.

==== End Of File ===========================


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software

Run date: 2012-01-09 09:06:08

-----------------------------

09:06:08.000 OS Version: Windows x64 6.0.6002 Service Pack 2

09:06:08.000 Number of processors: 2 586 0x170A

09:06:08.001 ComputerName: LORREA-PC UserName: lorrea

09:06:11.581 Initialize success

09:11:01.319 AVAST engine defs: 12010900

09:13:04.417 The log file has been saved successfully to "C:\Users\lorrea\Documents\aswMBR scan 1912.txt"


Hi Lorrea (I hope it's ok to call you that),

 

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

 

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may also have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

 

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

 

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)

----------

 

 

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Right-click and Run as Administrator TDSSKiller.exe
  • Press Start Scan

    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply

    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

 

 

Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

 

**Note: It is important that it is saved directly to your desktop**

 

--------------------------------------------------------------------

 

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

 

--------------------------------------------------------------------

 

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------

 

If you have chosen to attempt cleaning please post the logs created by TDSSKiller and ComboFix.


Hi,

 

I am checking with my husband and my brother for their advice.

Ok....let me know what you would like to do. :)

 

As with any malware it is hard to give a specific on exactly where it came from unfortunately.


We are still evaluating our options. But I went ahead and ran both of those scans. Part of the problem is some missing software...this could be a very expensive proposition. Here are the details of those scans:

 

The first scan found no issues, the log report was empty so nothing to paste here.

 

ComboFix 12-01-09.03 - lorrea 01/09/2012 13:47:09.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1591 [GMT -7:00]

Running from: c:\users\lorrea\Favorites\Downloads\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico

c:\users\lorrea\AppData\Local\assembly\tmp

c:\users\lorrea\AppData\Roaming\Mozilla\Firefox\Profiles\izf5kge9.default\searchplugins\bing-zugo.xml

c:\users\lorrea\g2mdlhlpx.exe

c:\windows\assembly\temp\cfg.ini

c:\windows\system32\consrv.dll

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\System64

c:\windows\SysWow64\drivers\npf.sys

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))))

.

.

2012-01-09 21:15 . 2012-01-09 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-09 15:21 . 2012-01-09 15:21 388096 ----a-r- c:\users\lorrea\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-09 15:21 . 2012-01-09 15:21 -------- d-----w- c:\program files (x86)\Trend Micro

2012-01-09 05:09 . 2012-01-09 05:09 -------- d-----w- c:\users\lorrea\AppData\Roaming\SUPERAntiSpyware.com

2012-01-09 05:08 . 2012-01-09 05:09 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-01-09 05:08 . 2012-01-09 05:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-01-06 20:56 . 2012-01-09 13:59 -------- d-----w- c:\users\lorrea\AppData\Local\CrashDumps

2012-01-06 02:01 . 2012-01-06 04:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-01-06 02:01 . 2012-01-06 02:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-01-06 01:58 . 2012-01-06 01:58 -------- d-----w- c:\program files\iPod

2012-01-06 01:54 . 2012-01-06 02:14 -------- d-----w- c:\program files\iTunes

2012-01-05 12:47 . 2012-01-06 04:20 -------- d-----w- c:\users\lorrea\AppData\Local\NPE

2012-01-05 00:39 . 2011-03-30 18:47 41160 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2012-01-04 03:21 . 2012-01-04 03:21 -------- d-----w- c:\users\lorrea\AppData\Local\Opera

2012-01-04 03:14 . 2012-01-04 09:49 -------- d-----w- c:\program files (x86)\Opera

2012-01-04 00:56 . 2012-01-04 00:56 -------- d-----w- c:\users\lorrea\AppData\Local\Secunia PSI

2012-01-04 00:55 . 2012-01-04 00:55 -------- d-----w- c:\program files (x86)\Secunia

2012-01-02 06:33 . 2012-01-02 06:33 -------- d-----w- c:\users\lorrea\AppData\Roaming\RealNetworks

2011-12-29 20:42 . 2011-12-07 00:22 28760 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll

2011-12-29 20:42 . 2011-10-15 19:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-12-29 20:41 . 2011-12-07 00:25 161168 ----a-w- c:\windows\system32\mfevtps.exe

2011-12-29 20:41 . 2011-10-15 19:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-12-29 20:41 . 2011-10-15 19:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-12-29 20:41 . 2011-10-15 19:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-12-29 20:41 . 2011-10-15 19:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-12-29 20:41 . 2011-10-15 19:16 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-12-29 20:41 . 2011-10-15 19:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-12-29 15:10 . 2011-03-30 18:47 49608 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2011-12-29 14:28 . 2011-12-29 14:28 -------- d-----w- c:\users\lorrea\AppData\Roaming\McAfee

2011-12-29 14:23 . 2012-01-01 15:54 -------- d-----w- c:\program files (x86)\Common Files\McAfee

2011-12-29 14:23 . 2011-12-29 20:44 -------- d-----w- c:\program files\McAfee

2011-12-29 14:23 . 2011-12-29 20:43 -------- d-----w- c:\program files\Common Files\McAfee

2011-12-29 14:23 . 2012-01-01 15:54 -------- d-----w- c:\program files (x86)\McAfee

2011-12-27 05:21 . 2011-12-27 05:21 -------- d-----w- c:\program files\DIFX

2011-12-25 22:19 . 2012-01-09 13:24 -------- d-----w- c:\programdata\PCPitstop

2011-12-25 22:19 . 2011-12-25 22:19 -------- d-----w- c:\program files (x86)\PCPitstop

2011-12-25 02:15 . 2011-12-25 02:15 -------- d-----w- c:\users\lorrea\AppData\Local\Symantec

2011-12-25 02:15 . 2011-07-15 23:35 225328 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2011-12-25 02:13 . 2011-12-25 02:13 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-12-25 02:11 . 2011-12-25 02:13 -------- d-----w- c:\program files\Symantec

2011-12-25 02:11 . 2011-12-25 02:11 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-12-25 02:11 . 2011-12-25 02:11 -------- d-----w- c:\program files (x86)\Symantec

2011-12-23 08:55 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAE9E356-0E0B-4DC2-B369-368225CEFB49}\mpengine.dll

2011-12-21 21:34 . 2011-12-21 21:34 -------- d-----w- c:\users\lorrea\AppData\Roaming\com.blueprintcentral.keywordblaze

2011-12-21 21:34 . 2011-12-21 21:34 -------- d-----w- c:\program files (x86)\KeywordBlaze

2011-12-14 22:48 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-14 22:47 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-14 22:47 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-14 22:47 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll

2011-12-14 22:47 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-14 22:47 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys

2011-12-14 22:46 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-12-14 22:46 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-21 21:33 . 2011-11-14 01:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoshopElementsSyncAgent"="c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe" [2010-04-15 1779040]

"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]

"Akamai NetSession Interface"="c:\users\lorrea\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]

"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-10-16 273528]

"QuickTime Plugin Install"="c:\program files (x86)\QuickTime\Plugins\DeleteMe1.exe" [2010-03-15 86016]

"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"ICF"="c:\program files (x86)\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]

"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216]

"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\users\lorrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Jobulator.lnk - c:\program files (x86)\Jobulator\Jobulator.exe [2011-11-28 142336]

Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-6-5 537968]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.250\SSScheduler.exe [2011-12-9 272792]

Sub Sidekick.lnk - c:\program files (x86)\Sub Sidekick\subsidekick.exe [2011-7-31 354104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 0111611325191259mcinstcleanup;McAfee Application Installer Cleanup (0111611325191259);c:\windows\TEMP\011161~1.EXE [x]

R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 15:00]

.

2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 15:00]

.

2012-01-09 c:\windows\Tasks\HPCeeScheduleForlorrea.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

"combofix"="c:\combofix\CF2425.3XE" [2008-01-21 363008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\System32\icf.dll

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\lorrea\AppData\Roaming\Mozilla\Firefox\Profiles\izf5kge9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110940,16900,0,21,0

FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=spkyf-1.6.0&src=ab&aid=8z2Na14dwW00gq&q=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(extentions.y2layers.installId, e8854a5b-128e-4e49-b611-49f3a4ae7184

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-YInstHelper - c:\windows\system32\regsvr32

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,

1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{430DDB4F-38CC-4E91-AF33-4157334EC937}"=hex:51,66,7a,6c,4c,1d,38,12,21,d8,1e,

47,fe,76,ff,0b,d0,25,02,17,36,10,8d,23

"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,

71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,

33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,

25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:20,8c,2b,00,4c,63,cc,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@SACL=

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]

@Denied: (A 2) (Everyone)

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe

c:\progra~2\McAfee\MSC\mcmscsvc.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

c:\program files (x86)\iTunes\iTunes.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

.

**************************************************************************

.

Completion time: 2012-01-09 15:27:51 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-09 22:27

.

Pre-Run: 21,471,174,656 bytes free

Post-Run: 20,995,489,792 bytes free

.

- - End Of File - - E9334D245756BF93F458344614E00C27


Hi Lorrea,

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DDS::
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mcafee.com
    BHO-X64:		 AcroIEHelperStub - No File
    BHO-X64:		 Canon Easy-WebPrint EX BHO - No File
    BHO-X64:		 scriptproxy - No File
    BHO-X64:		 Yontoo Layers - No File
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    
    Firefox::
    FF - ProfilePath - C:\Users\lorrea\AppData\Roaming\Mozilla\Firefox\Profiles\izf5kge9.default\
    FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=spkyf-1.6.0&src=ab&aid=8z2Na14dwW00gq&q=
    
    Folder::
    C:\Users\lorrea\AppData\Local\{3C5C8126-04A2-4EE3-ACFF-3C71A654A151}
    C:\Users\lorrea\AppData\Local\{81F36AA0-E58B-4D5B-A995-3CCDF4DF7B5E}
    C:\Users\lorrea\AppData\Local\{0F4016F3-9A40-446B-8D66-93AE72120587}
    C:\Users\lorrea\AppData\Local\{786856A9-1B79-4F78-AA28-4C6D691DFB1D}
    C:\Users\lorrea\AppData\Local\{541BADC1-2A31-4944-AAB3-656AB77F6F20}
    C:\Users\lorrea\AppData\Local\{9DA6096C-0033-4E33-8C85-2B1310B91CC0}
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

 

In your next reply please post the logs created by ComboFix. :)


ComboFix 12-01-09.07 - lorrea 01/10/2012 7:22.3.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1941 [GMT -7:00]

Running from: c:\users\lorrea\Favorites\Downloads\ComboFix.exe

Command switches used :: c:\users\lorrea\Desktop\cfscript.txt

AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\lorrea\AppData\Local\{0F4016F3-9A40-446B-8D66-93AE72120587}

c:\users\lorrea\AppData\Local\{3C5C8126-04A2-4EE3-ACFF-3C71A654A151}

c:\users\lorrea\AppData\Local\{541BADC1-2A31-4944-AAB3-656AB77F6F20}

c:\users\lorrea\AppData\Local\{786856A9-1B79-4F78-AA28-4C6D691DFB1D}

c:\users\lorrea\AppData\Local\{81F36AA0-E58B-4D5B-A995-3CCDF4DF7B5E}

c:\users\lorrea\AppData\Local\{9DA6096C-0033-4E33-8C85-2B1310B91CC0}

c:\users\lorrea\AppData\Local\assembly\tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))

.

.

2012-01-10 14:41 . 2012-01-10 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-09 15:21 . 2012-01-09 15:21 388096 ----a-r- c:\users\lorrea\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-09 15:21 . 2012-01-09 15:21 -------- d-----w- c:\program files (x86)\Trend Micro

2012-01-09 05:09 . 2012-01-09 05:09 -------- d-----w- c:\users\lorrea\AppData\Roaming\SUPERAntiSpyware.com

2012-01-09 05:08 . 2012-01-09 05:09 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-01-09 05:08 . 2012-01-09 05:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-01-06 20:56 . 2012-01-09 13:59 -------- d-----w- c:\users\lorrea\AppData\Local\CrashDumps

2012-01-06 02:01 . 2012-01-06 04:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-01-06 02:01 . 2012-01-06 02:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-01-06 01:58 . 2012-01-06 01:58 -------- d-----w- c:\program files\iPod

2012-01-06 01:54 . 2012-01-06 02:14 -------- d-----w- c:\program files\iTunes

2012-01-05 12:47 . 2012-01-06 04:20 -------- d-----w- c:\users\lorrea\AppData\Local\NPE

2012-01-05 00:39 . 2011-03-30 18:47 41160 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2012-01-04 03:21 . 2012-01-04 03:21 -------- d-----w- c:\users\lorrea\AppData\Local\Opera

2012-01-04 03:14 . 2012-01-04 09:49 -------- d-----w- c:\program files (x86)\Opera

2012-01-04 00:56 . 2012-01-04 00:56 -------- d-----w- c:\users\lorrea\AppData\Local\Secunia PSI

2012-01-04 00:55 . 2012-01-04 00:55 -------- d-----w- c:\program files (x86)\Secunia

2012-01-02 06:33 . 2012-01-02 06:33 -------- d-----w- c:\users\lorrea\AppData\Roaming\RealNetworks

2011-12-29 20:42 . 2011-12-07 00:22 28760 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll

2011-12-29 20:42 . 2011-10-15 19:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-12-29 20:41 . 2011-12-07 00:25 161168 ----a-w- c:\windows\system32\mfevtps.exe

2011-12-29 20:41 . 2011-10-15 19:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-12-29 20:41 . 2011-10-15 19:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-12-29 20:41 . 2011-10-15 19:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-12-29 20:41 . 2011-10-15 19:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-12-29 20:41 . 2011-10-15 19:16 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-12-29 20:41 . 2011-10-15 19:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-12-29 15:10 . 2011-03-30 18:47 49608 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2011-12-29 14:28 . 2011-12-29 14:28 -------- d-----w- c:\users\lorrea\AppData\Roaming\McAfee

2011-12-29 14:23 . 2012-01-01 15:54 -------- d-----w- c:\program files (x86)\Common Files\McAfee

2011-12-29 14:23 . 2011-12-29 20:44 -------- d-----w- c:\program files\McAfee

2011-12-29 14:23 . 2011-12-29 20:43 -------- d-----w- c:\program files\Common Files\McAfee

2011-12-29 14:23 . 2012-01-01 15:54 -------- d-----w- c:\program files (x86)\McAfee

2011-12-27 05:21 . 2011-12-27 05:21 -------- d-----w- c:\program files\DIFX

2011-12-25 22:19 . 2012-01-09 13:24 -------- d-----w- c:\programdata\PCPitstop

2011-12-25 22:19 . 2011-12-25 22:19 -------- d-----w- c:\program files (x86)\PCPitstop

2011-12-25 02:15 . 2011-12-25 02:15 -------- d-----w- c:\users\lorrea\AppData\Local\Symantec

2011-12-25 02:15 . 2011-07-15 23:35 225328 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2011-12-25 02:13 . 2011-12-25 02:13 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-12-25 02:11 . 2011-12-25 02:13 -------- d-----w- c:\program files\Symantec

2011-12-25 02:11 . 2011-12-25 02:11 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-12-25 02:11 . 2011-12-25 02:11 -------- d-----w- c:\program files (x86)\Symantec

2011-12-23 08:55 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAE9E356-0E0B-4DC2-B369-368225CEFB49}\mpengine.dll

2011-12-21 21:34 . 2011-12-21 21:34 -------- d-----w- c:\users\lorrea\AppData\Roaming\com.blueprintcentral.keywordblaze

2011-12-21 21:34 . 2011-12-21 21:34 -------- d-----w- c:\program files (x86)\KeywordBlaze

2011-12-14 22:48 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-14 22:47 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-14 22:47 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-14 22:47 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll

2011-12-14 22:47 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-14 22:47 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys

2011-12-14 22:46 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-12-14 22:46 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-21 21:33 . 2011-11-14 01:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((( [email protected]_21.19.31 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2012-01-09 17:34 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2012-01-10 02:16 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-10-02 12:47 . 2012-01-10 13:55 382454 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-01-21 03:20 . 2012-01-10 02:16 5668864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2012-01-09 17:34 5668864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-01-10 02:16 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-01-21 03:20 . 2012-01-09 17:34 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll [BU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoshopElementsSyncAgent"="c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe" [2010-04-15 1779040]

"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]

"Akamai NetSession Interface"="c:\users\lorrea\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]

"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-10-16 273528]

"QuickTime Plugin Install"="c:\program files (x86)\QuickTime\Plugins\DeleteMe1.exe" [2010-03-15 86016]

"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"ICF"="c:\program files (x86)\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]

"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216]

"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\users\lorrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Jobulator.lnk - c:\program files (x86)\Jobulator\Jobulator.exe [2011-11-28 142336]

Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-6-5 537968]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.250\SSScheduler.exe [2011-12-9 272792]

Sub Sidekick.lnk - c:\program files (x86)\Sub Sidekick\subsidekick.exe [2011-7-31 354104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 0111611325191259mcinstcleanup;McAfee Application Installer Cleanup (0111611325191259);c:\windows\TEMP\011161~1.EXE [x]

R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 15:00]

.

2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 15:00]

.

2012-01-09 c:\windows\Tasks\HPCeeScheduleForlorrea.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\System32\icf.dll

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\lorrea\AppData\Roaming\Mozilla\Firefox\Profiles\izf5kge9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110940,16900,0,21,0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(extentions.y2layers.installId, e8854a5b-128e-4e49-b611-49f3a4ae7184

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:20,8c,2b,00,4c,63,cc,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@SACL=

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]

@Denied: (A 2) (Everyone)

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,

.

Completion time: 2012-01-10 08:07:36

ComboFix-quarantined-files.txt 2012-01-10 15:07

ComboFix2.txt 2012-01-09 22:28

.

Pre-Run: 20,846,170,112 bytes free

Post-Run: 20,823,408,640 bytes free

.

- - End Of File - - 3B98A9F95C026E1B25813421E5D4398E


Hi,

 

 

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

 

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

 

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image
  • Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

----------

 

In your next reply please post the logs created by Malwarebytes and ESET online scanner.

 

How is your system running? :)


Here is the Malwarebytes log; I am working on the ESET scan now.

 

 

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

 

Database version: v2012.01.10.04

 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

lorrea :: LORREA-PC [administrator]

 

1/10/2012 8:48:39 AM

mbam-log-2012-01-10 (08-48-39).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 189851

Time elapsed: 5 minute(s), 56 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


This is the log that was produced. Just so you know, one of my kids touched the keyboard a few minutes ago and the screen indicated that the scan had been stopped by the user. If you want me to redo the scan please let me know.

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28f5ce03174ce34e89d3413964de346d

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-01-10 07:46:16

# local_time=2012-01-10 12:46:16 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5121 16777086 100 82 0 79044806 0 0

# compatibility_mode=5892 16776638 100 56 511295 162810388 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=307327

# found=6

# cleaned=0

# scan_time=13093

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\lorrea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3d3fb229-5a78481c a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\lorrea\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I

C:\Users\lorrea\Downloads\videora-ipod-504-setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I


Updated log. Happy I wasn't awake to know it finally got finished :-)!

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28f5ce03174ce34e89d3413964de346d

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-01-11 08:20:44

# local_time=2012-01-11 01:20:44 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5121 16777086 100 82 0 79086002 0 0

# compatibility_mode=5892 16776638 100 56 552491 162851584 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=331484

# found=6

# cleaned=0

# scan_time=17166

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\lorrea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3d3fb229-5a78481c a variant of Java/Agent.DZ trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\lorrea\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I

C:\Users\lorrea\Downloads\videora-ipod-504-setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I


Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Users\lorrea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3d3fb229-5a78481c
    C:\Users\lorrea\Downloads\CouponPrinter.exe
    C:\Users\lorrea\Downloads\videora-ipod-504-setup.exe
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

 

In your next reply please post the log created by ComboFix and let me know how your system is running. :)

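Added example, not code from the helper, ESET or ComboFix: a small Python triage script that reads an ESET Online Scanner log of the shape posted above, separates hits that already sit in ComboFix's C:\Qoobox\Quarantine (copies ComboFix has already removed) from files still live on disk, and drafts the CFScript File:: section the way the reply above did by hand. The log layout (header lines of the form "# key=value", then one finding per line as path, detection name, 32-hex hash, flag) and the sample paths are assumptions modelled on this thread.

```python
"""Triage an ESET Online Scanner log and draft a ComboFix CFScript 'File::' section.

Added example, not code from ESET, ComboFix or the helper in this thread. Assumed
layout: '# key=value' header lines, then one finding per line written as
<path> <detection name> <32-hex hash> <flag>; anything under C:\\Qoobox\\Quarantine
is assumed to be ComboFix's own quarantine and therefore already neutralised.
"""
import re
from dataclasses import dataclass

# ComboFix moves what it removes into this folder; ESET re-flags those copies.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# Paths may contain spaces, so the detection name is anchored on ESET's naming
# style instead: optional "probably " / "a variant of ", then Platform/Family...
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?\w+/\S.*?)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    name: str
    flag: str

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIX)


def parse_eset_log(text: str):
    """Return (header dict, [Finding]) for one ESET log session."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["name"], m["flag"]))
    return header, findings


def triage(text: str) -> dict:
    """Summarise a session: was it complete, and which hits are still live."""
    header, findings = parse_eset_log(text)
    return {
        "complete": header.get("end") == "finished",   # 'stopped' = interrupted
        "found": int(header.get("found", "0")),
        "cleaned": int(header.get("cleaned", "0")),
        "quarantined": [f for f in findings if f.quarantined],
        "live": [f for f in findings if not f.quarantined],
    }


def build_cfscript(findings) -> str:
    """CFScript 'File::' section listing only live files, as the reply above did."""
    live = [f.path for f in findings if not f.quarantined]
    return "File::\n" + "\n".join(live) + "\n" if live else ""


# Constructed sample modelled on the log in this thread (the zero hash is what
# ESET printed there; the paths mirror the ones the helper acted on).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# found=4
# cleaned=0
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\lorrea\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I
C:\Users\lorrea\Downloads\videora-ipod-504-setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
"""

# Constructed header of an interrupted session, like the first ESET log posted above.
STOPPED_LOG = "# end=stopped\n# found=6\n# cleaned=0\n"

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("complete:", report["complete"], "live hits:", len(report["live"]))
    print(build_cfscript(report["live"]))
```

Hits reported "(unable to clean)" under C:\Qoobox\Quarantine are expected once ComboFix has run, so the script leaves them out of the CFScript rather than deleting ComboFix's backups.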

ComboFix 12-01-10.02 - lorrea 01/11/2012 9:14.4.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1720 [GMT -7:00]

Running from: c:\users\lorrea\Favorites\Downloads\ComboFix.exe

Command switches used :: c:\users\lorrea\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\lorrea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3d3fb229-5a78481c"

"c:\users\lorrea\Downloads\CouponPrinter.exe"

"c:\users\lorrea\Downloads\videora-ipod-504-setup.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\lorrea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3d3fb229-5a78481c

c:\users\lorrea\Downloads\CouponPrinter.exe

c:\users\lorrea\Downloads\videora-ipod-504-setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))

.

.

2012-01-11 16:39 . 2012-01-11 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-10 16:03 . 2012-01-10 16:03 -------- d-----w- c:\program files (x86)\ESET

2012-01-09 15:21 . 2012-01-09 15:21 388096 ----a-r- c:\users\lorrea\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-09 15:21 . 2012-01-09 15:21 -------- d-----w- c:\program files (x86)\Trend Micro

2012-01-09 05:09 . 2012-01-09 05:09 -------- d-----w- c:\users\lorrea\AppData\Roaming\SUPERAntiSpyware.com

2012-01-09 05:08 . 2012-01-09 05:09 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-01-09 05:08 . 2012-01-09 05:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-01-06 20:56 . 2012-01-09 13:59 -------- d-----w- c:\users\lorrea\AppData\Local\CrashDumps

2012-01-06 02:01 . 2012-01-06 04:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-01-06 02:01 . 2012-01-06 02:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-01-06 01:58 . 2012-01-06 01:58 -------- d-----w- c:\program files\iPod

2012-01-06 01:54 . 2012-01-06 02:14 -------- d-----w- c:\program files\iTunes

2012-01-05 12:47 . 2012-01-06 04:20 -------- d-----w- c:\users\lorrea\AppData\Local\NPE

2012-01-05 00:39 . 2011-03-30 18:47 41160 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2012-01-04 03:21 . 2012-01-04 03:21 -------- d-----w- c:\users\lorrea\AppData\Local\Opera

2012-01-04 03:14 . 2012-01-04 09:49 -------- d-----w- c:\program files (x86)\Opera

2012-01-04 00:56 . 2012-01-04 00:56 -------- d-----w- c:\users\lorrea\AppData\Local\Secunia PSI

2012-01-04 00:55 . 2012-01-04 00:55 -------- d-----w- c:\program files (x86)\Secunia

2012-01-02 06:33 . 2012-01-02 06:33 -------- d-----w- c:\users\lorrea\AppData\Roaming\RealNetworks

2011-12-29 20:42 . 2011-12-07 00:22 28760 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll

2011-12-29 20:42 . 2011-10-15 19:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-12-29 20:41 . 2011-12-07 00:25 161168 ----a-w- c:\windows\system32\mfevtps.exe

2011-12-29 20:41 . 2011-10-15 19:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-12-29 20:41 . 2011-10-15 19:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-12-29 20:41 . 2011-10-15 19:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-12-29 20:41 . 2011-10-15 19:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-12-29 20:41 . 2011-10-15 19:16 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-12-29 20:41 . 2011-10-15 19:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-12-29 15:10 . 2011-03-30 18:47 49608 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2011-12-29 14:28 . 2011-12-29 14:28 -------- d-----w- c:\users\lorrea\AppData\Roaming\McAfee

2011-12-29 14:23 . 2012-01-01 15:54 -------- d-----w- c:\program files (x86)\Common Files\McAfee

2011-12-29 14:23 . 2011-12-29 20:44 -------- d-----w- c:\program files\McAfee

2011-12-29 14:23 . 2011-12-29 20:43 -------- d-----w- c:\program files\Common Files\McAfee

2011-12-29 14:23 . 2012-01-01 15:54 -------- d-----w- c:\program files (x86)\McAfee

2011-12-27 05:21 . 2011-12-27 05:21 -------- d-----w- c:\program files\DIFX

2011-12-25 22:19 . 2012-01-09 13:24 -------- d-----w- c:\programdata\PCPitstop

2011-12-25 22:19 . 2011-12-25 22:19 -------- d-----w- c:\program files (x86)\PCPitstop

2011-12-25 02:15 . 2011-12-25 02:15 -------- d-----w- c:\users\lorrea\AppData\Local\Symantec

2011-12-25 02:15 . 2011-07-15 23:35 225328 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2011-12-25 02:13 . 2011-12-25 02:13 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-12-25 02:11 . 2011-12-25 02:13 -------- d-----w- c:\program files\Symantec

2011-12-25 02:11 . 2011-12-25 02:11 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-12-25 02:11 . 2011-12-25 02:11 -------- d-----w- c:\program files (x86)\Symantec

2011-12-23 08:55 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAE9E356-0E0B-4DC2-B369-368225CEFB49}\mpengine.dll

2011-12-21 21:34 . 2011-12-21 21:34 -------- d-----w- c:\users\lorrea\AppData\Roaming\com.blueprintcentral.keywordblaze

2011-12-21 21:34 . 2011-12-21 21:34 -------- d-----w- c:\program files (x86)\KeywordBlaze

2011-12-14 22:48 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-14 22:47 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-14 22:47 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-14 22:47 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll

2011-12-14 22:47 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-14 22:47 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys

2011-12-14 22:46 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-12-14 22:46 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-21 21:33 . 2011-11-14 01:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-10 22:24 . 2011-11-08 02:12 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((( [email protected]_21.19.31 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2012-01-09 17:34 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2012-01-11 13:51 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-10-02 12:47 . 2012-01-10 13:55 382454 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2008-01-21 03:20 . 2012-01-09 17:34 5668864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-01-11 13:51 5668864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2012-01-11 13:51 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-01-21 03:20 . 2012-01-09 17:34 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2006-11-02 12:33 . 2012-01-11 11:04 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2006-11-02 12:33 . 2012-01-09 13:14 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2012-01-11 16:13 . 2012-01-11 16:13 10895360 c:\windows\ERDNT\Hiv-backup\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll [BU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoshopElementsSyncAgent"="c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe" [2010-04-15 1779040]

"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]

"Akamai NetSession Interface"="c:\users\lorrea\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]

"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-10-16 273528]

"QuickTime Plugin Install"="c:\program files (x86)\QuickTime\Plugins\DeleteMe1.exe" [2010-03-15 86016]

"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"ICF"="c:\program files (x86)\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]

"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216]

"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

c:\users\lorrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Jobulator.lnk - c:\program files (x86)\Jobulator\Jobulator.exe [2011-11-28 142336]

Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-6-5 537968]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.250\SSScheduler.exe [2011-12-9 272792]

Sub Sidekick.lnk - c:\program files (x86)\Sub Sidekick\subsidekick.exe [2011-7-31 354104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 0111611325191259mcinstcleanup;McAfee Application Installer Cleanup (0111611325191259);c:\windows\TEMP\011161~1.EXE [x]

R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 15:00]

.

2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-14 15:00]

.

2012-01-09 c:\windows\Tasks\HPCeeScheduleForlorrea.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\windows\System32\icf.dll

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\lorrea\AppData\Roaming\Mozilla\Firefox\Profiles\izf5kge9.default

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110940,16900,0,21,0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(extentions.y2layers.installId, e8854a5b-128e-4e49-b611-49f3a4ae7184

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:20,8c,2b,00,4c,63,cc,01

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@SACL=

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]

@Denied: (A 2) (Everyone)

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,

.

Completion time: 2012-01-11 10:09:16

ComboFix-quarantined-files.txt 2012-01-11 17:09

ComboFix2.txt 2012-01-10 15:07

ComboFix3.txt 2012-01-09 22:28

.

Pre-Run: 19,574,906,880 bytes free

Post-Run: 23,182,778,368 bytes free

.

- - End Of File - - F2F8FA3DF08314681C30FFDA41B8307E


Hi,

 

How is your system running? :)

----------

 

 

 

You have an older version of Adobe Reader. You can download the current version HERE

 

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

 

Visit their support forum

Foxit Forum

 

In either case you should uninstall Adobe Reader 9.4.4 first. Be sure to move any PDF documents to another folder first though.

----------

 

 

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

----------

 

Please run a new scan now with DDS and post both of the logs that are created into your next reply.

 

How is your system running? :)


Java and Adobe have been updated. Below are the logs from the DDS Scan:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_07

Run by lorrea at 12:56:51 on 2012-01-11

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1362 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe

C:\Program Files (x86)\TechSmith\Jing\Jing.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.250\SSScheduler.exe

C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files (x86)\Hp\QuickPlay\QPService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111229134205.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - C:\Program Files (x86)\Internet Content Filter\setoolbar.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [PhotoshopElementsSyncAgent] C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe

uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe

uRun: [Akamai NetSession Interface] "C:\Users\lorrea\AppData\Local\Akamai\netsession_win.exe"

uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [QuickTime Plugin Install] "C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe"

mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800

mRun: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Info Center] "C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe"

mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

StartupFolder: C:\Users\lorrea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JOBULA~1.LNK - C:\Program Files (x86)\Jobulator\Jobulator.exe

StartupFolder: C:\Users\lorrea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.250\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SUBSID~1.LNK - C:\Program Files (x86)\Sub Sidekick\subsidekick.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll

LSP: C:WindowsSystem32icf.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces{0CA4EE89-1E16-4135-80DE-B7E4553CD477} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces{4C49B35F-E7AF-40C8-9C33-4080F3F93CAB} : DhcpNameServer = 172.16.68.215 172.16.68.215

TCP: Interfaces{E658EB1E-040B-44C5-B679-4F23FC048BB0} : DhcpNameServer = 172.16.64.215 172.16.64.215

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:Program Files (x86)Common FilesLightScribeLSRunOnce.exe"

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:Program Files (x86)CanonEasy-WebPrint EXewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program Files (x86)Common FilesMcAfeeSystemCoreScriptSn.20111229134205.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:Program Files (x86)MSNToolbar3.0.0541.0msneshellx.dll

BHO-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program Files (x86)Ask.comGenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:Program Files (x86)Yontoo Layers RuntimeYontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:Program Files (x86)MSNToolbar3.0.0541.0msneshellx.dll

TB-X64: Safe &Eyes Toolbar: {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:Program Files (x86)Internet Content Filtersetoolbar.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:Program Files (x86)CanonEasy-WebPrint EXewpexhlp.dll

TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program Files (x86)Ask.comGenericAskToolbar.dll

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [WirelessAssistant] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe

mRun-x64: [updatePSTShortCut] "C:Program Files (x86)CyberLinkDVD SuiteMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkDVD Suite" UpdateWithCreateOnce "SoftwareCyberLinkPowerStarter"

mRun-x64: [updatePDIRShortCut] "C:Program Files (x86)CyberLinkPowerDirectorMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPowerDirector" UpdateWithCreateOnce "SOFTWARECyberLinkPowerDirector7.0"

mRun-x64: [updateP2GoShortCut] "C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0"

mRun-x64: [updateLBPShortCut] "C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5"

mRun-x64: [uCam_Menu] "C:Program Files (x86)CyberLinkYouCamMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkYouCam" UpdateWithCreateOnce "SoftwareCyberLinkYouCam2.0"

mRun-x64: [TkBellExe] "C:Program Files (x86)RealRealPlayerUpdaterealsched.exe" -osboot

mRun-x64: [QuickTime Plugin Install] "C:Program Files (x86)QuickTimePluginsDeleteMe1.exe"

mRun-x64: [QPService] "C:Program Files (x86)HPQuickPlayQPService.exe"

mRun-x64: [QlbCtrl.exe] "C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" /Start

mRun-x64: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray

mRun-x64: [iCF] "C:Program Files (x86)Internet Content FilterSafeEyes.exe"

mRun-x64: [HP Health Check Scheduler] c:Program Files (x86)Hewlett-PackardHP Health CheckHPHC_Scheduler.exe

mRun-x64: [Freecorder FLV Service] "C:Program Files (x86)FreecorderFLVSrvc.exe" /run

mRun-x64: [ccApp] "C:Program Files (x86)Common FilesSymantec SharedccApp.exe"

mRun-x64: [CarboniteSetupLite] "C:Program Files (x86)CarboniteCarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800

mRun-x64: [CanonSolutionMenuEx] "C:Program Files (x86)CanonSolution Menu EXCNSEMAIN.EXE" /logon

mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun-x64: [AppleSyncNotifier] C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe

mRun-x64: [info Center] "C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe"

mRun-x64: [mcagent_exe] "C:Program Files (x86)McAfee.comAgentmcagent.exe" /runkey

mRun-x64: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:Program Files (x86)Ask.comUpdaterUpdater.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /install /silent

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\lorrea\AppData\Roaming\Mozilla\Firefox\Profiles\izf5kge9.default

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110940,16900,0,21,0

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\lorrea\AppData\Local\Roblox\Versions\version-7abe764230c5492d\NPRobloxProxy.dll

FF - plugin: C:\Users\lorrea\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(extentions.y2layers.installId, e8854a5b-128e-4e49-b611-49f3a4ae7184

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-5 1153368]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-20 227896]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

S2 0111611325191259mcinstcleanup;McAfee Application Installer Cleanup (0111611325191259);C:\Windows\TEMP\011161~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\011161~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DVDRIVER;DVdriver;C:\Windows\system32\DRIVERS\dvdriver.sys --> C:\Windows\system32\DRIVERS\dvdriver.sys [?]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-7 652872]

S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe [2011-12-29 156480]

S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

S3 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]

S3 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-14 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-14 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.250\McCHSvc.exe [2011-12-9 237272]

S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2011-12-29 606736]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]

S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-12-25 91816]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]

S3 seUpdateSvc;Safe Eyes Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2010-8-3 233472]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-4-29 89920]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-01-11 19:55:18 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-01-11 19:55:18 660368 ----a-w- C:\Windows\System32\deployJava1.dll

2012-01-11 19:45:08 -------- d-----w- C:\Program Files (x86)\Ask.com

2012-01-11 19:44:56 -------- d-----w- C:\Users\lorrea\AppData\Local\APN

2012-01-11 19:44:44 -------- d-----w- C:\Program Files (x86)\Foxit Software

2012-01-11 17:35:44 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-11 17:35:44 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-11 17:35:44 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-11 17:35:44 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2012-01-10 16:03:01 -------- d-----w- C:\Program Files (x86)\ESET

2012-01-09 20:44:27 98816 ----a-w- C:\Windows\sed.exe

2012-01-09 20:44:27 518144 ----a-w- C:\Windows\SWREG.exe

2012-01-09 20:44:27 256000 ----a-w- C:\Windows\PEV.exe

2012-01-09 20:44:27 208896 ----a-w- C:\Windows\MBR.exe

2012-01-09 15:21:19 388096 ----a-r- C:\Users\lorrea\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-09 15:21:19 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-01-09 05:09:11 -------- d-----w- C:\Users\lorrea\AppData\Roaming\SUPERAntiSpyware.com

2012-01-09 05:08:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-01-09 05:08:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-01-06 20:56:28 -------- d-----w- C:\Users\lorrea\AppData\Local\CrashDumps

2012-01-06 02:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-01-06 02:01:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-01-06 01:58:15 -------- d-----w- C:\Program Files\iPod

2012-01-06 01:54:51 -------- d-----w- C:\Program Files\iTunes

2012-01-05 12:47:30 -------- d-----w- C:\Users\lorrea\AppData\Local\NPE

2012-01-05 00:39:08 41160 ----a-w- C:\Windows\System32\drivers\mferkdk.sys

2012-01-04 03:21:44 -------- d-----w- C:\Users\lorrea\AppData\Local\Opera

2012-01-04 00:56:43 -------- d-----w- C:\Users\lorrea\AppData\Local\Secunia PSI

2012-01-04 00:55:39 -------- d-----w- C:\Program Files (x86)\Secunia

2012-01-02 06:33:37 -------- d-----w- C:\Users\lorrea\AppData\Roaming\RealNetworks

2012-01-01 16:59:29 -------- d-----w- C:\Program Files\iPod(172)

2011-12-29 20:43:26 -------- d-----w- C:\Program Files\McAfee.com

2011-12-29 20:42:05 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2011-12-29 20:42:03 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-12-29 20:41:26 161168 ----a-w- C:\Windows\System32\mfevtps.exe

2011-12-29 20:41:21 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-12-29 20:41:21 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-12-29 20:41:21 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-12-29 20:41:21 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-12-29 20:41:21 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-12-29 20:41:21 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-12-29 15:10:01 49608 ----a-w- C:\Windows\System32\drivers\mfesmfk.sys

2011-12-29 14:28:26 -------- d-----w- C:\Users\lorrea\AppData\Roaming\McAfee

2011-12-29 14:23:53 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee

2011-12-29 14:23:49 -------- d-----w- C:\Program Files\McAfee

2011-12-29 14:23:48 -------- d-----w- C:\Program Files\Common Files\McAfee

2011-12-29 14:23:48 -------- d-----w- C:\Program Files (x86)\McAfee.com

2011-12-29 14:23:45 -------- d-----w- C:\Program Files (x86)\McAfee

2011-12-25 22:53:29 -------- d-----w- C:\ProgramData\PCPitstop\Dat

2011-12-25 22:19:40 -------- d-----w- C:\ProgramData\PCPitstop

2011-12-25 22:19:38 -------- d-----w- C:\Program Files (x86)\PCPitstop

2011-12-25 02:15:29 -------- d-----w- C:\Users\lorrea\AppData\Local\Symantec

2011-12-25 02:15:22 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys

2011-12-25 02:13:01 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-12-25 02:11:52 -------- d-----w- C:\Program Files\Symantec

2011-12-25 02:11:08 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2011-12-25 02:11:07 -------- d-----w- C:\Program Files (x86)\Symantec

2011-12-23 08:55:43 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAE9E356-0E0B-4DC2-B369-368225CEFB49}\mpengine.dll

2011-12-21 21:34:59 -------- d-----w- C:\Users\lorrea\AppData\Roaming\com.blueprintcentral.keywordblaze

2011-12-21 21:34:51 -------- d-----w- C:\Program Files (x86)\KeywordBlaze

2011-12-14 22:48:33 85504 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 22:47:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 22:47:58 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-14 22:47:48 559616 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-14 22:47:48 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-14 22:47:46 2764800 ----a-w- C:\Windows\System32\win32k.sys

2011-12-14 22:46:03 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-12-14 22:46:03 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-12-21 21:33:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-10 22:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-24 21:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 21:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 12:57:26.92 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/10/2009 8:45:25 AM

System Uptime: 1/9/2012 2:17:29 PM (46 hours ago)

.

Motherboard: Wistron | | 3612

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | CPU | 2100/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 21.154 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.955 GiB free.

E: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C6100 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C6100 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C7200 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Photosmart C7200 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C6100 series

Device ID: ROOT\MULTIFUNCTION\0002

Manufacturer: HP

Name: Photosmart C6100 series

PNP Device ID: ROOT\MULTIFUNCTION\0002

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service:

.

==== System Restore Points ===================

.

RP683: 1/7/2012 2:00:17 PM - Windows Update

RP684: 1/9/2012 6:52:49 AM - Scheduled Checkpoint

RP685: 1/9/2012 8:18:59 AM - Installed HiJackThis

RP686: 1/11/2012 7:20:16 AM - Scheduled Checkpoint

RP687: 1/11/2012 12:39:59 PM - Removed Adobe Reader 9.4.4.

RP688: 1/11/2012 12:47:05 PM - Removed Java 6 Update 29

RP689: 1/11/2012 12:54:39 PM - Installed Java 7 Update 2 (64-bit)

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

3ivx MPEG-4 5.0.3 (remove only)

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe ConnectNow Add-in

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 7.0

Adobe Photoshop.com Inspiration Browser

Adobe Shockwave Player 11.5

AIO_CDA_ProductContext

AIO_CDA_Software

AIO_Scan

Akamai NetSession Interface

Akamai NetSession Interface Service

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

Ask Toolbar

Audacity 1.3.12 (Unicode)

Audible Download Manager

AviSynth 2.5

AVS Update Manager 1.0

AVS Video Converter 7

AVS4YOU Software Navigator 1.4

Belkin N+ Wireless USB Adapter

Blender (remove only)

BufferChm

C6100

c6100_Help

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 4.0

Canon MP280 series User Registration

Canon My Printer

Canon Solution Menu EX

Carbonite Online Backup Setup

Charlie Church Mouse Kindergarten 1.0

Charlie Church Mouse Preschool 1.2

Clip Art Collection

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

Cozi Outlook Toolbar

CustomerResearchQFolder

CyberLink DVD Suite

CyberLink YouCam

D3DX10

Destinations

DeviceManagementQFolder

DocProc

DocProcQFolder

Download Updater (AOL LLC)

DVD Decrypter (Remove Only)

ESET Online Scanner v3

ESU for Microsoft Vista

eSupportQFolder

Fax

FileZilla Client 3.5.0

FlipShare

Foxit PDF Creator Toolbar Updater

Foxit Reader 5.1

Freecorder 5

Google Chrome

Google Earth Plug-in

Google Update Helper

GoToMeeting 4.8.0.723

GPL Ghostscript Lite 8.70

Handbrake 0.9.4

HiJackThis

Homeschool Tracker Basic

Homeschool Tracker Plus

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Advisor

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.7

HP Help and Support

HP Photosmart Essential

HP Product Assistant

HP Quick Launch Buttons

HP Total Care Setup

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPProductAssistant

HPSSupply

ImageMixer 3 SE Ver.6 Transfer Utility

ImageMixer 3 SE Ver.6 Video Tools

Info Center 1.0.0.7

iSEEK AnswerWorks English Runtime

Java 6 Update 7

Jing

Jobulator

Junk Mail filter update

Juno Preloader

Keyword Blaze

Keyword Blueprint 2

KeywordBlueprint

LabelCreator Pro

LabelPrint

LEGO Digital Designer

LightScribe System Software 1.14.17.1

LightScribe Template Labeler

Livestream Procaster

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.60.0.1800

MarketResearch

McAfee Security Scan Plus

McAfee SecurityCenter

McAfee Virtual Technician

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Works

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

My HP Games

NetAssistant

NetAssistant for Firefox

NetWaiting

NetZero Preloader

Nvu 1.0PR

Omron Health Management Software

PC Matic 1.1.0.44

Power2Go

PowerDirector

Punctuation Puzzler Commas and More A1

QLBCASL

Quarter Mile Math Level 2

Quicken 2008

QuickTime

Readerware

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Roblox for lorrea

Safari

Safe Eyes

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Segoe UI

SmartSound Quicktracks for Premiere Elements 8.0

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

SPORE Creature Creator Trial Edition

Spybot - Search & Destroy

Status

Sub Sidekick

Timez Attack Launcher

Toolbox

TrayApp

TurboTax 2008

TurboTax 2008 waziper

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 waziper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 waziper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TweetDeck

Unity Web Player

UnloadSupport

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Videora iPod Converter 5.04

Vimeo Uploader

Visual Studio 2005 Tools for Office Second Edition Runtime

WD Diagnostics

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

XPS2OneNote

Yahoo! Install Manager

Yahoo! Widgets

.

==== End Of File ===========================


It seems to be running fine except some slow browser activity. The scary part of all this was that there were no real signs of infection other than my security software coming up with repeat Trojan removal notifications.

Did you post in the wrong topic??

I ran a PC Pitstop scan last night and am concerned because it came up with the following log. The biggest concern is in the security section because that is the same virus name that kept popping up when this all started:


Performance

  • 2 MB's of junk contained in 77 different files was removed.
  • Internet settings were up to date. (no action taken)
  • No Performance tweaks required. (no action taken)
  • No craplets identified (no action taken)
  • No unoptimized services identified (no action taken)
  • C Drive
  • Total Fragmentation went from 25.68% to 25.66%.
  • Data Fragmentation went from 28.56% to 28.54%.
  • C:\Users\lorrea\Videos\FlipShare Data\Videos\VID03689.mp4 is no longer highly fragmented.
Security

  • 2 malware identified and removed
  • Trojan.Win32.Generic!BT was detected as Trojan and removed.
  • Trojan.Win32.Generic!BT was detected as Trojan and removed.
Stability

  • Drivers were up to date (no action taken)
  • 3 registry fixes applied