Jump to content

azstokes

Members
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

 Content Type 

Posts posted by azstokes

    Livesearch Virus

    in Resolved Malware Removal Logs

    Posted

    Gringo...

    1st the problems I may have had..... doesn't seem to have had any effect .... I followed your instructions in order .... as I was using ccleaner (it was running) we had a power outage due to a lightning storm and the computer shut down in the middle of it .... once it re-started all seemed normal so I ran ccleaner and then proceeded with the rest....

    Computer seems to be doing well....

    Here are the logs:

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.03.24.09

    Windows Vista Service Pack 2 x64 NTFS

    Internet Explorer 9.0.8112.16421

    azstokes :: AZSTOKES-PC [administrator]

    3/24/2013 10:17:19 PM

    mbam-log-2013-03-24 (22-17-19).txt

    Scan type: Full scan (C:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 713715

    Time elapsed: 2 hour(s), 16 minute(s), 20 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 7:13:17 AM, on 3/25/2013

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16470)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

    C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe

    C:\Program Files (x86)\Internet Download Manager\IDMan.exe

    C:\Program Files (x86)\trademanager2\AliIM.exe

    C:\Program Files (x86)\Norton 360\Engine\3.8.3.6\ccSvcHst.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

    C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe

    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe

    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

    C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe

    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

    C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe

    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

    C:\Users\azstokes\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.3.6\IPSBHO.DLL

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.3.6\coIEPlg.dll

    O3 - Toolbar: RedBox Toolbar - {e6d87380-6e47-11db-9fe1-0800200c9a66} - C:\Program Files (x86)\Studio V5\RedBox7\RedBoxBar.dll

    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

    O4 - HKLM\..\Run: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

    O4 - HKLM\..\Run: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

    O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"

    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

    O4 - HKLM\..\Run: [LTCM Client] "C:\Program Files (x86)\LTCM Client\ltcmClient.exe" /startup

    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE

    O4 - HKCU\..\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

    O4 - HKCU\..\Run: [aliim] "C:\Program Files (x86)\trademanager2\AliIM.exe" /autorun

    O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Startup: Jacquie Lawson London Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe

    O4 - Startup: JL Alpine Advent Calendar.lnk = C:\Program Files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe

    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Snagit 9.lnk = C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe

    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: http://*.alipay.com

    O15 - Trusted Zone: http://*.alisoft.com

    O15 - Trusted Zone: http://*.taobao.com

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.3.6\coIEPlg.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

    O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: GoToMyPC - Unknown owner - C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe (file missing)

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.8.3.6\ccSvcHst.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (file missing)

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 15497 bytes

    Livesearch Virus

    in Resolved Malware Removal Logs

    Posted

    Computer seems to be running well - no re-directs so far......

    Here is log:

    ComboFix 13-03-24.03 - azstokes 03/24/2013 20:36:12.2.4 - x64

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8181.4493 [GMT -4:00]

    Running from: c:\users\azstokes\Desktop\ComboFix.exe

    Command switches used :: c:\users\azstokes\Desktop\CFScript.txt

    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-02-25 to 2013-03-25 )))))))))))))))))))))))))))))))

    .

    .

    2013-03-25 00:46 . 2013-03-25 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-03-24 18:30 . 2013-03-24 23:53 -------- d-----w- c:\programdata\boost_interprocess

    2013-03-24 18:18 . 2013-03-24 18:19 629 ----a-w- c:\windows\DeleteOnReboot.bat

    2013-03-22 05:50 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1475FBA-3130-4CD9-8CFA-7E669567449D}\mpengine.dll

    2013-03-17 13:50 . 2013-03-17 13:51 -------- d-----w- c:\program files (x86)\Ask.com

    2013-03-17 13:50 . 2013-03-17 13:50 -------- d-----w- C:\Firefox

    2013-03-17 13:40 . 2013-03-17 13:40 -------- d-----w- c:\programdata\Ask

    2013-03-17 13:39 . 2013-03-17 13:39 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-03-16 14:28 . 2013-03-18 23:08 -------- d-----w- c:\users\azstokes\AppData\Local\Macromedia

    2013-03-15 00:02 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2013-03-15 00:02 . 2013-02-02 06:38 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2013-03-15 00:02 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2013-03-14 14:30 . 2013-03-14 14:30 -------- d-----w- c:\users\azstokes\AppData\Roaming\Alibaba

    2013-03-14 06:09 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023x.sys

    2013-03-14 06:09 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-17 13:39 . 2012-07-17 20:44 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-03-17 13:39 . 2010-10-06 10:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2013-03-15 00:03 . 2006-11-02 12:35 72013344 ----a-w- c:\windows\system32\mrt.exe

    2013-01-17 05:28 . 2011-06-29 00:53 273840 ------w- c:\windows\system32\MpSigStub.exe

    2013-01-05 05:37 . 2013-02-13 08:36 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-04 11:31 . 2013-02-13 08:36 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-01-04 01:59 . 2013-02-13 08:36 2773504 ----a-w- c:\windows\system32\win32k.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

    "PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]

    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-12-12 3541008]

    "PriceWatcher"="c:\program files (x86)\PriceWatcher\PriceWatcher.exe" [2011-09-24 1055744]

    "aliim"="c:\program files (x86)\trademanager2\AliIM.exe" [2013-03-06 292368]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

    "KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]

    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]

    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-11-27 210216]

    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-16 1152296]

    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-16 189736]

    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]

    "TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]

    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]

    "LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

    "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\users\azstokes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]

    Jacquie Lawson London Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [N/A]

    JL Alpine Advent Calendar.lnk - c:\program files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe [N/A]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]

    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

    Snagit 9.lnk - c:\program files (x86)\TechSmith\Snagit 9\Snagit32.exe [2008-11-6 7217480]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    @="FSFilter Activity Monitor"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

    @="Service"

    .

    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    Themes

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-03-20 c:\windows\Tasks\PCDRScheduledMaintenance.job

    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05 17:34]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

    2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [bU]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-03 182808]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 154648]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 227352]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 202264]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [bU]

    "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt

    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    Trusted Zone: alipay.com

    Trusted Zone: alisoft.com

    Trusted Zone: taobao.com

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    AddRemove-{15FEDA5F-141C-4127-8D7E-B962D1742728} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe

    AddRemove-{96F9B265-1367-4E1A-B8B9-F8530EF3AA62} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]

    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x*2*6*4*-*V*i*S*T*A*"!\OpenWithList]

    @Class="Shell"

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D585FC35-A888-65F7-B300-5BD702B835E0}*]

    "hajlnplmdhelkheg"=hex:6a,61,68,6e,65,6b,6c,6a,69,68,61,63,6e,66,6c,62,62,66,

    64,69,00,db

    "iadlpncbhnegkkmofa"=hex:6a,61,68,6e,65,6b,6c,6a,69,68,61,63,6e,66,6c,62,62,66,

    64,69,00,66

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000_Classes\Wow6432Node\CLSID\{02f5febc-708c-402d-b09e-b1bea9e5eb20}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "Model"=dword:00000099

    "Therad"=dword:00000020

    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

    38,95,44,85,b1,12,f9,90,dd,23,a1,90,9c,b7,91,53,63,6d,21,c3,e7,00,ed,68,64,\

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "scansk"=hex(0):44,ff,10,6d,3b,d5,c1,21,48,b6,98,f3,b4,f5,cd,72,59,af,75,68,ef,

    bb,cc,9b,ac,ae,0d,cc,64,67,27,c8,db,66,d3,ed,85,ce,fb,cd,00,00,00,00,00,00,\

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

    @Denied: (Full) (Everyone)

    "scansk"=hex(0):54,2b,ed,75,66,20,58,71,b6,c5,d0,3b,73,5c,9c,6b,15,b5,5e,02,da,

    6f,46,16,25,47,ee,15,2c,d8,9f,e6,e6,4c,d2,51,9b,a5,85,f1,00,00,00,00,00,00,\

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000_Classes\Wow6432Node\CLSID\{feaa2c00-9731-40fa-901f-e501839db929}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "Model"=dword:00000041

    "Therad"=dword:00000016

    "MData"=hex(0):06,79,6c,31,bd,d4,04,af,89,b4,f4,2a,47,09,8c,8e,ed,d3,4b,ec,8f,

    08,48,2f,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

    @="Shockwave Flash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

    @Denied: (A 2) (Everyone)

    @=""

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

    @="FlashBroker"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2013-03-24 20:48:27

    ComboFix-quarantined-files.txt 2013-03-25 00:48

    ComboFix2.txt 2013-03-24 23:56

    .

    Pre-Run: 185,499,422,720 bytes free

    Post-Run: 185,490,247,680 bytes free

    .

    - - End Of File - - 90B89130863BE5C460D1DEE70DECD842

    Livesearch Virus

    in Resolved Malware Removal Logs

    Posted

    I will paste the log below .... but first you asked about problems that I may have had..... I followed the instructions disable Norton 360 by right clicking the icon in the system tray and then selecting "Disable Auto Protect" and then chose 5 hours.... but I got a pop-up box from Combofix that said that it was still running, and to disable it .... I tried again but it only had the option to turn it back on again ... I'm assuming because it was already disabled .... so I clicked ok and Combofix again told me that my Norton was running but it was going to continue anyway.....

    Here is the log:

    ComboFix 13-03-24.03 - azstokes 03/24/2013 19:40:45.1.4 - x64

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8181.4743 [GMT -4:00]

    Running from: c:\users\azstokes\Desktop\ComboFix.exe

    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ADS - Windows: deleted 24 bytes in 1 streams.

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\boost_interprocess\20130324142045.125597

    c:\users\azstokes\AppData\Roaming\.#

    c:\users\azstokes\AppData\Roaming\.#\MBX@1C60@1B1BF8.###

    c:\users\azstokes\AppData\Roaming\.#\MBX@1C60@1B1C08.###

    c:\users\azstokes\AppData\Roaming\.#\MBX@1C60@1B1C18.###

    c:\users\azstokes\AppData\Roaming\.#\MBX@1C60@1B1C28.###

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))

    .

    .

    2013-03-24 18:18 . 2013-03-24 18:19 629 ----a-w- c:\windows\DeleteOnReboot.bat

    2013-03-22 05:50 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1475FBA-3130-4CD9-8CFA-7E669567449D}\mpengine.dll

    2013-03-17 13:50 . 2013-03-17 13:51 -------- d-----w- c:\program files (x86)\Ask.com

    2013-03-17 13:50 . 2013-03-17 13:50 -------- d-----w- C:\Firefox

    2013-03-17 13:40 . 2013-03-17 13:40 -------- d-----w- c:\programdata\Ask

    2013-03-17 13:39 . 2013-03-17 13:39 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-03-16 14:28 . 2013-03-18 23:08 -------- d-----w- c:\users\azstokes\AppData\Local\Macromedia

    2013-03-15 00:02 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2013-03-15 00:02 . 2013-02-02 06:38 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2013-03-15 00:02 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2013-03-14 14:30 . 2013-03-14 14:30 -------- d-----w- c:\users\azstokes\AppData\Roaming\Alibaba

    2013-03-14 06:09 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023x.sys

    2013-03-14 06:09 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-17 13:39 . 2012-07-17 20:44 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-03-17 13:39 . 2010-10-06 10:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2013-03-15 00:03 . 2006-11-02 12:35 72013344 ----a-w- c:\windows\system32\mrt.exe

    2013-01-17 05:28 . 2011-06-29 00:53 273840 ------w- c:\windows\system32\MpSigStub.exe

    2013-01-05 05:37 . 2013-02-13 08:36 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-04 11:31 . 2013-02-13 08:36 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-01-04 01:59 . 2013-02-13 08:36 2773504 ----a-w- c:\windows\system32\win32k.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

    "PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]

    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-12-12 3541008]

    "PriceWatcher"="c:\program files (x86)\PriceWatcher\PriceWatcher.exe" [2011-09-24 1055744]

    "aliim"="c:\program files (x86)\trademanager2\AliIM.exe" [2013-03-06 292368]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

    "KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]

    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]

    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-11-27 210216]

    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-16 1152296]

    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-16 189736]

    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]

    "TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]

    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]

    "LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

    "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\users\azstokes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]

    Jacquie Lawson London Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [N/A]

    JL Alpine Advent Calendar.lnk - c:\program files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe [N/A]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]

    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

    Snagit 9.lnk - c:\program files (x86)\TechSmith\Snagit 9\Snagit32.exe [2008-11-6 7217480]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    @="FSFilter Activity Monitor"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

    @="Service"

    .

    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    Themes

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-03-20 c:\windows\Tasks\PCDRScheduledMaintenance.job

    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05 17:34]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

    2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-03 182808]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 154648]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 227352]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 202264]

    "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt

    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

    Trusted Zone: alipay.com

    Trusted Zone: alisoft.com

    Trusted Zone: taobao.com

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-hpqSRMon - (no file)

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    SafeBoot-WudfPf

    SafeBoot-WudfRd

    HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    HKLM-Run-AdobeAAMUpdater-1.0 - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    AddRemove-{15FEDA5F-141C-4127-8D7E-B962D1742728} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe

    AddRemove-{96F9B265-1367-4E1A-B8B9-F8530EF3AA62} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]

    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x*2*6*4*-*V*i*S*T*A*"!\OpenWithList]

    @Class="Shell"

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D585FC35-A888-65F7-B300-5BD702B835E0}*]

    "hajlnplmdhelkheg"=hex:6a,61,68,6e,65,6b,6c,6a,69,68,61,63,6e,66,6c,62,62,66,

    64,69,00,db

    "iadlpncbhnegkkmofa"=hex:6a,61,68,6e,65,6b,6c,6a,69,68,61,63,6e,66,6c,62,62,66,

    64,69,00,66

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000_Classes\Wow6432Node\CLSID\{02f5febc-708c-402d-b09e-b1bea9e5eb20}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "Model"=dword:00000099

    "Therad"=dword:00000020

    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

    38,95,44,85,b1,12,f9,90,dd,23,a1,90,9c,b7,91,53,63,6d,21,c3,e7,00,ed,68,64,\

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "scansk"=hex(0):44,ff,10,6d,3b,d5,c1,21,48,b6,98,f3,b4,f5,cd,72,59,af,75,68,ef,

    bb,cc,9b,ac,ae,0d,cc,64,67,27,c8,db,66,d3,ed,85,ce,fb,cd,00,00,00,00,00,00,\

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

    @Denied: (Full) (Everyone)

    "scansk"=hex(0):54,2b,ed,75,66,20,58,71,b6,c5,d0,3b,73,5c,9c,6b,15,b5,5e,02,da,

    6f,46,16,25,47,ee,15,2c,d8,9f,e6,e6,4c,d2,51,9b,a5,85,f1,00,00,00,00,00,00,\

    .

    [HKEY_USERS\S-1-5-21-3175081619-279659250-2698794416-1000_Classes\Wow6432Node\CLSID\{feaa2c00-9731-40fa-901f-e501839db929}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "Model"=dword:00000041

    "Therad"=dword:00000016

    "MData"=hex(0):06,79,6c,31,bd,d4,04,af,89,b4,f4,2a,47,09,8c,8e,ed,d3,4b,ec,8f,

    08,48,2f,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

    @="Shockwave Flash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

    @Denied: (A 2) (Everyone)

    @=""

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

    @="FlashBroker"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2013-03-24 19:56:19

    ComboFix-quarantined-files.txt 2013-03-24 23:56

    .

    Pre-Run: 185,573,945,344 bytes free

    Post-Run: 185,473,204,224 bytes free

    .

    - - End Of File - - 8673BDB2C54ECB0843C0A58973142723

    Just tried about 20 search results and no re-directs!!!!

    Livesearch Virus

    in Resolved Malware Removal Logs

    Posted

    Gringo,

    Thanks so much for taking this on .... not sure if you want me to check out if any redirects yet or not ... so I have only opened up explorere to respond to this

    Here are the results of the 3 things that you wanted me to do:

    Results of screen317's Security Check version 0.99.61

    Windows Vista Service Pack 2 x64 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Norton 360

    WMI entry may not exist for antivirus; attempting automatic update.

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.70.0.1100

    JavaFX 2.1.1

    Java 7 Update 17

    Adobe Reader 10.1.4 Adobe Reader out of Date!

    ````````Process Check: objlist.exe by Laurent````````

    Norton ccSvcHst.exe

    Windows Defender MSASCui.exe

    Windows Defender MSASCui.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 11 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

    ````````````````````End of Log``````````````````````

    _____________________________________________________________________________________________________

    # AdwCleaner v2.115 - Logfile created 03/24/2013 at 14:18:44

    # Updated 17/03/2013 by Xplode

    # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)

    # User : azstokes - AZSTOKES-PC

    # Boot Mode : Normal

    # Running from : C:\Users\azstokes\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Ask.com

    Deleted on reboot : C:\Program Files (x86)\Free Offers from Freeze.com

    Deleted on reboot : C:\Program Files (x86)\vShare

    Deleted on reboot : C:\ProgramData\Ask

    Deleted on reboot : C:\ProgramData\boost_interprocess

    Deleted on reboot : C:\ProgramData\Trymedia

    Deleted on reboot : C:\Users\azstokes\AppData\Local\APN

    Deleted on reboot : C:\Users\azstokes\AppData\LocalLow\AskToolbar

    Deleted on reboot : C:\Users\azstokes\AppData\LocalLow\vShare

    Deleted on reboot : C:\Users\azstokes\AppData\Roaming\iWin

    Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN

    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

    Key Deleted : HKCU\Software\Ask.com

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

    Key Deleted : HKCU\Software\vShare

    Key Deleted : HKCU\Software\Zugo

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    Key Deleted : HKLM\Software\APN

    Key Deleted : HKLM\Software\AskToolbar

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

    Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol

    Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1

    Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj

    Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1

    Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers

    Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1

    Key Deleted : HKLM\Software\Freeze.com

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

    Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16470

    [OK] Registry is clean.

    -\\ Google Chrome v [unable to get version]

    File : C:\Users\azstokes\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[s1].txt - [8915 octets] - [24/03/2013 14:18:44]

    ########## EOF - C:\AdwCleaner[s1].txt - [8975 octets] ##########

    ___________________________________________________________________________________________________________________

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version

    Started in : Normal mode

    User : azstokes [Admin rights]

    Mode : Scan -- Date : 03/24/2013 14:42:10

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤

    [RUN][sUSP PATH] HKCU\[...]\Run : www.AuctionListingCreator (rundll32 "C:\Users\azstokes\AppData\Local\{A7E29EC6-07C0-4B68-8AF7-676FBE71F633}\www.AuctionListingCreator\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND

    [RUN][sUSP PATH] HKCU\[...]\Run : Macromedia (RegSVR32.exe C:\Users\azstokes\AppData\Local\Macromedia\azfsxtcx.dll) [-] -> FOUND

    [RUN][sUSP PATH] HKUS\S-1-5-21-3175081619-279659250-2698794416-1000[...]\Run : www.AuctionListingCreator (rundll32 "C:\Users\azstokes\AppData\Local\{A7E29EC6-07C0-4B68-8AF7-676FBE71F633}\www.AuctionListingCreator\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND

    [RUN][sUSP PATH] HKUS\S-1-5-21-3175081619-279659250-2698794416-1000[...]\Run : Macromedia (RegSVR32.exe C:\Users\azstokes\AppData\Local\Macromedia\azfsxtcx.dll) [-] -> FOUND

    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND

    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD642JJ +++++

    --- User ---

    [MBR] 568623e26bced56e1ac926eb86d01a8c

    [bSP] 309fdfd200901d3359dd1e035123a213 : MBR Code unknown

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 597323 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1223317620 | Size: 13154 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_03242013_02d1442.txt >>

    RKreport[1]_S_03242013_02d1442.txt

    Livesearch Virus

    in Resolved Malware Removal Logs

    Posted

    I appear to have been infected with the Livesearch Virus .... that is re-directing links from popular search engines .... I would be extremely greatful for any assistance you could possibly provide to me ..... I have attached the two requested items to this e-mail.

    Thanks in advance for any help you may be able to provide me..

    dds.txt

    attach.txt

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.