bakeumsj
Everything posted by bakeumsj
Live Search Now Virus - Was Removed, Came Back
bakeumsj replied to bakeumsj's topic in Resolved Malware Removal Logs
OTL logfile created on: 1/3/2013 5:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sebastien\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.45% Memory free
9.85 Gb Paging File | 8.24 Gb Available in Paging File | 83.69% Paging File free
Paging file location(s): c:\pagefile.sys 6127 6127 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.57 Gb Total Space | 44.20 Gb Free Space | 19.34% Space Free | Partition Type: NTFS
Drive E: | 236.82 Gb Total Space | 126.39 Gb Free Space | 53.37% Space Free | Partition Type: FAT32

Computer Name: VISTA64-PC | User Name: Sebastien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sebastien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppleOSSMgr) -- C:\Windows\SysNative\AppleOSSMgr.exe ()
SRV:64bit: - (AppleTimeSrv) -- C:\Windows\SysNative\AppleTimeSrv.exe (Apple Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (KeyAgent) -- C:\Windows\SysNative\drivers\KeyAgent.sys (Apple Inc.)
DRV:64bit: - (KeyMagic) -- C:\Windows\SysNative\DRIVERS\KeyMagic.sys (Apple Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (MacHALDriver) -- C:\Windows\SysNative\drivers\MacHALDriver.sys (Apple Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corp.)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corp.)
DRV:64bit: - (applebt) -- C:\Windows\SysNative\DRIVERS\applebt.sys (Apple Inc.)
DRV:64bit: - (BthKicker) -- C:\Windows\SysNative\DRIVERS\BthKicker.sys (Apple Inc.)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\..\SearchScopes\{3781B725-5CB7-46CE-9DBF-4EBA7B145C37}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: gbeiffzcra%40gbeiffzcra.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/30 01:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/30 01:35:51 | 000,000,000 | ---D | M]

[2009/06/02 17:06:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Extensions
[2012/11/22 00:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\extensions
[2011/03/03 19:27:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/02 18:49:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[1618/10/24 08:54:01 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\extensions\gbeiffzcra@gbeiffzcra.org.xpi
[2012/12/30 01:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/30 01:35:54 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/15 08:22:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/26 15:51:47 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/03 01:46:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3 - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-315456852-2602044955-3816073578-1000..\Run: [spotify Web Helper] C:\Users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-315456852-2602044955-3816073578-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66D346A8-66EC-4C16-AAE7-577FD2821791}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A45B1322-678A-4533-A3B4-ACF1D2BDCB40}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D016123C-13DE-4E58-9E2F-F66AEDDE2567}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/03 01:51:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/03 01:46:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/01/03 01:33:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/03 01:33:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/03 01:33:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/03 01:33:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/03 01:32:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/03 01:03:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\Desktop\RK_Quarantine
[2012/12/31 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/31 14:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/12/31 14:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/31 14:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/30 05:56:26 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/30 05:56:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/30 05:56:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll
[2012/12/30 05:56:24 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/30 05:56:23 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/30 05:56:23 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/30 05:56:23 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/30 05:42:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/30 05:42:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/30 05:42:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/30 05:42:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/30 05:42:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/30 05:42:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/30 05:42:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/30 05:42:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/30 05:42:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/30 05:42:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/30 05:42:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/30 05:42:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/30 05:42:28 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/30 05:42:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/30 05:42:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/30 05:40:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/12/30 05:40:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/12/30 05:32:35 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/30 05:32:35 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/30 05:32:35 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/30 05:32:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/30 05:30:29 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/12/30 05:30:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/12/30 05:30:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012/12/30 05:30:18 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/12/30 05:30:18 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/12/30 05:30:05 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/12/30 05:30:03 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/30 05:30:01 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/12/30 05:30:00 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/12/30 05:30:00 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/12/30 05:30:00 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/12/30 05:30:00 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/12/30 05:29:57 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/30 05:29:56 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/12/30 05:29:54 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/12/30 05:29:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/12/30 05:29:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/12/30 05:24:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/30 05:24:11 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/30 05:24:11 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2012/12/30 05:24:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2012/12/30 05:24:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2012/12/30 01:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/29 16:32:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/12/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2009/02/11 15:56:21 | 000,240,128 | ---- | C] (PARADOX) -- C:\Users\Sebastien\AppData\Local\royal86.sys

========== Files - Modified Within 30 Days ==========

[2013/01/03 17:53:32 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 17:53:31 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 17:53:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/03 10:36:37 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/03 10:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/03 01:51:23 | 000,755,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/03 01:51:23 | 000,640,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/03 01:51:23 | 000,118,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/03 01:46:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/03 01:32:40 | 000,003,600 | ---- | M] () -- C:\Users\Sebastien\Desktop\New Rich Text Document.rtf
[2013/01/03 01:07:16 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/01/02 22:36:10 | 000,000,000 | ---- | M] () -- C:\Users\Sebastien\defogger_reenable
[2012/12/31 15:12:05 | 000,046,592 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/31 14:38:38 | 000,888,885 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\census.cache
[2012/12/31 14:37:03 | 000,247,704 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\ars.cache
[2012/12/31 14:31:47 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\z
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiuxpag.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiu9pag.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atidxx32.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\aticfx32.dll
[2012/12/31 14:10:57 | 000,000,036 | ---- | M] () -- C:\Users\Sebastien\AppData\Local\housecall.guid.cache
[2012/12/30 13:34:10 | 000,238,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/30 06:00:55 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/12/30 05:40:18 | 000,750,820 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/28 23:45:11 | 000,000,318 | ---- | M] () -- C:\Users\Sebastien\Desktop\Curse Client.appref-ms
[2012/12/16 06:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 06:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/16 04:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 03:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/03 01:33:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/03 01:33:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/03 01:33:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/03 01:33:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/03 01:33:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/03 01:04:45 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/01/03 00:53:36 | 000,003,600 | ---- | C] () -- C:\Users\Sebastien\Desktop\New Rich Text Document.rtf
[2013/01/02 22:36:10 | 000,000,000 | ---- | C] () -- C:\Users\Sebastien\defogger_reenable
[2012/12/31 14:38:38 | 000,888,885 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\census.cache
[2012/12/31 14:37:03 | 000,247,704 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\ars.cache
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\z
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiuxpag.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiu9pag.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atidxx32.dll
[2012/12/31 14:15:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\aticfx32.dll
[2012/12/31 14:10:57 | 000,000,036 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\housecall.guid.cache
[2012/12/30 06:00:55 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/12/30 05:56:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/30 05:56:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2011/11/07 02:45:32 | 000,001,459 | ---- | C] () -- C:\Users\Sebastien\.recently-used.xbel
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/11 12:43:32 | 000,000,000 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\{4F732F75-0ACB-43BF-AC4E-96D72D98FEB4}
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/17 00:59:44 | 000,000,000 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\{DF23FC57-6C6E-4647-8178-74E46C221CAC}
[2011/09/16 19:01:45 | 000,000,000 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\{6ABE41A9-50C8-4AA7-B2C0-7EF686D8B3E7}
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/06 02:32:24 | 000,750,820 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/03 23:17:18 | 000,005,704 | ---- | C] () -- C:\Users\Sebastien\shoppinglistprint.aspx.htm
[2009/06/30 12:51:43 | 000,046,592 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/02 15:44:37 | 000,000,760 | ---- | C] () -- C:\Users\Sebastien\AppData\Roaming\setup_ldm.iss
[2009/02/11 15:56:21 | 000,002,731 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\ASUS.xrm-ms
[2009/02/11 04:39:41 | 000,001,356 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\d3d9caps.dat
[2009/01/15 13:49:30 | 000,002,188 | ---- | C] () -- C:\Users\Sebastien\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 08:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >
Live Search Now Virus - Was Removed, Came Back
bakeumsj replied to bakeumsj's topic in Resolved Malware Removal Logs
Argh, still being redirected...
Live Search Now Virus - Was Removed, Came Back
bakeumsj replied to bakeumsj's topic in Resolved Malware Removal Logs
Prior to running ComboFix, as I came to this forum, I was still being redirected to random sites. I checked before coming here and clicked a bunch of links on Google and it seemed okay. I'll keep my fingers crossed.

A couple of questions for you... Any chance this virus could have spread to my Mac drives (HFS+)? What firewall/anti-virus do you recommend for Windows Vista? I used to have ZoneAlarm back in the day, but it's been buggy as hell. Same with AVG Anti-Virus... I read some forums on here mentioning Avast as an anti-virus. Also, are there any Firefox add-ons that are blockers I should download? Thank you seriously for your time and help with this matter, by the way; genuinely appreciated.

Also, this seems to have fixed most issues with the Security Center, except I still cannot turn on the Windows Firewall. Any idea about that?

ComboFix 13-01-03.02 - Sebastien 01/03/2013 1:36.1.8 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4085.2549 [GMT -7:00]
Running from: c:\users\Sebastien\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2072-04-03 19:13 . 2008-03-21 20:46 607296 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2071-07-25 15:13 . 2006-11-22 02:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-12-31 21:42 . 2013-01-03 05:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-12-31 21:42 . 2013-01-03 05:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-31 21:39 . 2012-12-31 21:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-31 21:15 . 2012-12-31 21:15 0 ----a-w- c:\windows\system32\atiuxpag.dll
2012-12-31 21:15 . 2012-12-31 21:15 0 ----a-w- c:\windows\system32\atiu9pag.dll
2012-12-31 21:15 . 2012-12-31 21:15 0 ----a-w- c:\windows\system32\atidxx32.dll
2012-12-31 21:15 . 2012-12-31 21:15 0 ----a-w- c:\windows\system32\aticfx32.dll
2012-12-30 13:09 . 2012-12-30 13:09 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e12f05001cde68e1a\MeshBetaRemover.exe
2012-12-30 13:09 . 2012-12-30 13:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d5cd5a901cde68e13\DSETUP.dll
2012-12-30 13:09 . 2012-12-30 13:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d5cd5a901cde68e13\DXSETUP.exe
2012-12-30 13:09 . 2012-12-30 13:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d5cd5a901cde68e13\dsetup32.dll
2012-12-30 13:08 . 2012-12-30 13:08 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d44422801cde68e12\DSETUP.dll
2012-12-30 13:08 . 2012-12-30 13:08 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d44422801cde68e12\DXSETUP.exe
2012-12-30 13:08 . 2012-12-30 13:08 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d44422801cde68e12\dsetup32.dll
2012-12-30 12:42 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-30 12:40 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-12-30 12:40 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-12-30 12:40 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-12-30 12:40 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-12-30 12:40 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-12-30 12:32 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-30 12:32 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-30 12:32 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-30 12:32 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-30 12:31 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-30 12:31 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-30 12:29 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys
2012-12-30 12:29 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-12-30 12:29 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
2012-12-30 12:29 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-12-30 12:29 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-12-30 12:29 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-12-30 12:29 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-12-30 12:29 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-12-30 12:29 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-12-30 12:24 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-12-30 12:24 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-12-30 12:24 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-30 12:24 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-30 12:24 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
2012-12-29 23:32 . 2012-12-29 23:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 23:49 . 2011-11-16 08:13 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 22:58 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-04 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] . c:\users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-9-15 0] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-17 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 04:01] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-04-15 5430784] "Skytel"="Skytel.exe" [2008-04-15 1826816] "Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2009-11-15 626464] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\ FF - ExtSQL: !HIDDEN! 2009-06-30 13:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-FRUpdate - (no file) Wow6432Node-HKLM-Run-FRUpdate - (no file) SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Steam App 211 - c:\games)\Steam\steam.exe AddRemove-Steam App 215 - c:\games)\Steam\steam.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-315456852-2602044955-3816073578-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:bf,e7,b5,4f,fa,3b,fe,24,92,30,ec,8c,8a,f8,90,55,af,63,7b,c9,d5,b0,5f, a6,2c,86,d6,1f,94,f0,fe,b0,99,f7,ab,4e,16,d4,2d,5c,9e,7f,07,c8,b7,46,60,04,\ "??"=hex:e2,bc,9f,0f,21,ba,b4,e3,b1,25,5f,5d,16,c4,5e,12 . [HKEY_USERS\S-1-5-21-315456852-2602044955-3816073578-1000\Software\SecuROM\License information*] "datasecu"=hex:34,77,cd,04,d9,4a,8d,40,2f,fd,14,f2,7f,34,09,68,d3,3f,75,e4,49, b3,0d,c2,97,43,10,97,2b,dd,04,aa,a3,d9,1f,a5,2e,40,dd,13,09,de,1c,3c,d7,d5,\ "rkeysecu"=hex:6f,0f,76,dd,7f,04,65,e5,2b,f9,e1,9f,b5,72,6e,4d . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2013-01-03 01:51:35 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-03 08:51
.
Pre-Run: 48,059,699,200 bytes free
Post-Run: 47,722,278,912 bytes free
.
- - End Of File - - E3A79BAF2EE386F0931A9FA32086F878
Live Search Now Virus - Was Removed, Came Back
bakeumsj replied to bakeumsj's topic in Resolved Malware Removal Logs
# AdwCleaner v2.104 - Logfile created 01/03/2013 at 00:52:59
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista Ultimate Service Pack 2 (64 bits)
# User : Sebastien - VISTA64-PC
# Boot Mode : Normal
# Running from : C:\Users\Sebastien\Downloads\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Softonic

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [726 octets] - [03/01/2013 00:52:59]

########## EOF - C:\AdwCleaner[R1].txt - [785 octets] ##########

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 01/03/2013 01:04:08

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-41VWA1 ATA Device +++++
--- User ---
[MBR] 3258246f96bab4039b3dbdd252e0056e
[BSP] 1c9bb2f90d147b9785070011d0732242 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] d3252a956d1f672693e169d4148a2716
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: WDC WD5001AALS-00L3B2 ATA Device +++++ --- User --- [MBR] 84e647464629741fd49d02b17a71a351 [bSP] 849b9edd88e30ddc3e1c78f8187f53c8 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive3: WDC WD5001AALS-00L3B2 ATA Device +++++ --- User --- [MBR] 374bb64bb14f3f9f2ab52e116314a425 [bSP] ea5d0227e69ddd0f666581d772256327 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo 1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 409640 | Size: 242560 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 497436672 | Size: 234051 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01032013_02d0104.txt >> RKreport[1]_S_01032013_02d0104.txt RogueKiller V8.4.2 [Dec 31 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : Sebastien [Admin rights] Mode : Remove -- Date : 01/03/2013 01:05:05 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 11 ¤¤¤ [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1) [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : 
{59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\n.) -> REPLACED (C:\Windows\system32\shell32.dll) [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll) ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\@ --> REMOVED [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\@ --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\U --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\U --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\L --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\L --> REMOVED ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200AAJS-41VWA1 ATA Device +++++ --- User --- [MBR] 3258246f96bab4039b3dbdd252e0056e [bSP] 1c9bb2f90d147b9785070011d0732242 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 Mo User = LL1 ... OK! User = LL2 ... OK! 
+++++ PhysicalDrive1: WDC WD5001AALS-00L3B2 ATA Device +++++ --- User --- [MBR] d3252a956d1f672693e169d4148a2716 [bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: WDC WD5001AALS-00L3B2 ATA Device +++++ --- User --- [MBR] 84e647464629741fd49d02b17a71a351 [bSP] 849b9edd88e30ddc3e1c78f8187f53c8 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive3: WDC WD5001AALS-00L3B2 ATA Device +++++ --- User --- [MBR] 374bb64bb14f3f9f2ab52e116314a425 [bSP] ea5d0227e69ddd0f666581d772256327 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo 1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 409640 | Size: 242560 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 497436672 | Size: 234051 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[2]_D_01032013_02d0105.txt >> RKreport[1]_S_01032013_02d0104.txt ; RKreport[2]_D_01032013_02d0105.txt RogueKiller V8.4.2 [Dec 31 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : Admin [Admin rights] Mode : Remove -- Date : 01/03/2013 01:05:05 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 11 ¤¤¤ [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1) [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\n.) -> REPLACED (C:\Windows\system32\shell32.dll) [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\n.) 
-> REPLACED (C:\Windows\system32\wbem\fastprox.dll) ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\@ --> REMOVED [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\@ --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\U --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\U --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6c3454887b1f463b58bf973b86babb82\L --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-315456852-2602044955-3816073578-1000\$6c3454887b1f463b58bf973b86babb82\L --> REMOVED ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200AAJS-41VWA1 ATA Device +++++ --- User --- [MBR] 3258246f96bab4039b3dbdd252e0056e [bSP] 1c9bb2f90d147b9785070011d0732242 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD5001AALS-00L3B2 ATA Device +++++ --- User --- [MBR] d3252a956d1f672693e169d4148a2716 [bSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: WDC WD5001AALS-00L3B2 ATA Device +++++ --- User --- [MBR] 84e647464629741fd49d02b17a71a351 [bSP] 849b9edd88e30ddc3e1c78f8187f53c8 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 476940 Mo User = LL1 ... OK! User = LL2 ... OK! 
+++++ PhysicalDrive3: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 374bb64bb14f3f9f2ab52e116314a425
[BSP] ea5d0227e69ddd0f666581d772256327 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 409640 | Size: 242560 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 497436672 | Size: 234051 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01032013_02d0105.txt >>
RKreport[1]_S_01032013_02d0104.txt ; RKreport[2]_D_01032013_02d0105.txt
Live Search Now Virus - Was Removed, Came Back
bakeumsj replied to bakeumsj's topic in Resolved Malware Removal Logs
Thanks for your quick reply, Gringo. I will do my best to follow your instructions. Here we go, the logs as you requested:

----------------------------------------------------------------

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:36 on 02/01/2013 (_________)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.2.202.228
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 15 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Admin at 22:40:53 on 2013-01-02
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4085.2317 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\AppleOSSMgr.exe C:\Windows\system32\AppleTimeSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\RAVCpl64.exe C:\Program Files\Boot Camp\KbdMgr.exe C:\Users\Sebastien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
uRun: [FRUpdate] <no file>
mRun: [FRUpdate] <no file>
StartupFolder: C:\Users\Sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{66D346A8-66EC-4C16-AAE7-577FD2821791} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A45B1322-678A-4533-A3B4-ACF1D2BDCB40} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D016123C-13DE-4E58-9E2F-F66AEDDE2567} : DHCPNameServer = 75.75.76.76 75.75.75.75
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [skytel] Skytel.exe
x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-STS: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
x64-STS: Deskscapes Class - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll
x64-STS: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll
x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\k9ao8dun.default\
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
FF - ExtSQL: !HIDDEN! 2009-06-30 13:22; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2009-11-15 170296]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2009-11-15 110904]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2009-11-15 15416]
R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2008-4-15 15416]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-31 398184]
R3 applebt;Apple Built-in Bluetooth;C:\Windows\System32\drivers\applebt.sys [2009-1-15 10752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-16 24176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-31 682344]
S3 BthKicker;Apple Bluetooth Device Driver;C:\Windows\System32\drivers\BthKicker.sys [2009-1-15 8704]
S3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2009-11-23 29184]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2008-5-21 34832]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-7 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-31 21:15:15 0 ----a-w- C:\Windows\System32\atiuxpag.dll
2012-12-31 21:15:15 0 ----a-w- C:\Windows\System32\atiu9pag.dll
2012-12-31 21:15:15 0 ----a-w- C:\Windows\System32\atidxx32.dll
2012-12-31 21:15:15 0 ----a-w- C:\Windows\System32\aticfx32.dll
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 23:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-28 22:58:30 67413224 ----a-w- C:\Windows\System32\mrt.exe
2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
.
============= FINISH: 22:41:11.02 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume9
Install Date: 1/15/2009 9:40:43 PM
System Uptime: 1/2/2013 10:28:19 PM (0 hours ago)
.
Motherboard: Apple Inc. | | Mac-F42C88C8
Processor: Intel® Xeon® CPU E5462 @ 2.80GHz | CPU-A ( 0 ) | 2800/400mhz
Processor: Intel® Xeon® CPU E5462 @ 2.80GHz | CPU-B ( 0 ) | 2800/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 40.447 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 237 GiB total, 142.206 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
Bonjour
Boot Camp Services
Canon iP3600 series Printer Driver
Canon Utilities Solution Menu
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
Choice Guard
Curse Client
DeskScapes
Diablo III
EPSON Scan
gBurner
Google Update Helper
Guild Wars 2
Hero Editor V1.03
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Indeo® Software
iTunes
KhalInstallWrapper
Logitech SetPoint
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenAL
QuickTime
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SimCity 4
Skype™ 5.5
Source SDK
Source SDK Base
Spotify
Star Wars: The Old Republic
StarCraft II
Steam
The Elder Scrolls V: Skyrim
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client for Windows x64
Visual C++ 8.0 Runtime Setup Package (x64)
Warcraft III
Warcraft III: All Products
Winamp
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.10.3.9)
Windows Driver Package - Apple Inc. Apple Bluetooth (04/06/2008 2.1.0.1)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
Windows Driver Package - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
Windows Driver Package - Apple Inc. System (09/12/2007 2.0.1.1)
Windows Driver Package - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (10/13/2009 6.6001.1.16)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Sound Schemes
WinPcap 4.1 beta4
WinRAR archiver
World of Warcraft
.
==== End Of File ===========================