
pup.bitminer removal help please



Got pup.bitminer. MBAM scan shows it every time and says it removes it every time but it always comes back... Following are some logs.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8351

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/11/2011 8:30:03 AM

mbam-log-2011-12-11 (08-30-03).txt

Scan type: Full scan (C:\|)

Objects scanned: 195279

Time elapsed: 50 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

====================================================================================================================

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 29

Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

==================================================================================================================================

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-12-11 09:26:02

Windows 6.1.7601 Service Pack 1

Running: dox7vw3f.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.15 ----

=============================================================================================

MiniToolBox by Farbar

Ran by Owner (administrator) on 11-12-2011 at 08:44:15

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

Hosts file not detected in the default directory

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)

Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)

The following helper DLL cannot be loaded: WSHELPER.DLL.

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global icmpredirects=enabled

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : LAPPY

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN

Physical Address. . . . . . . . . : 00-24-D6-27-14-84

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::88eb:2e5d:a561:97d6%12(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Sunday, December 11, 2011 6:08:18 AM

Lease Expires . . . . . . . . . . : Monday, December 12, 2011 6:08:18 AM

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DHCPv6 IAID . . . . . . . . . . . : 234890454

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-69-F3-B9-00-24-E8-E3-37-8B

DNS Servers . . . . . . . . . . . : 192.168.0.1

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-24-E8-E3-37-8B

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A82C9485-23B9-48E3-8AAD-A50FDEB8BCF0}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{20324D28-979E-47B5-A92E-BD2F84EB5BD8}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c92:10f:b302:97a8(Preferred)

Link-local IPv6 Address . . . . . : fe80::3c92:10f:b302:97a8%13(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

===========================================================================

Interface List

12...00 24 d6 27 14 84 ......Intel® WiFi Link 5100 AGN

10...00 24 e8 e3 37 8b ......Realtek PCIe GBE Family Controller

1...........................Software Loopback Interface 1

15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 25

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.0.0 255.255.255.0 On-link 192.168.0.5 281

192.168.0.5 255.255.255.255 On-link 192.168.0.5 281

192.168.0.255 255.255.255.255 On-link 192.168.0.5 281

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.0.5 281

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.0.5 281

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

13 58 ::/0 On-link

1 306 ::1/128 On-link

13 58 2001::/32 On-link

13 306 2001:0:4137:9e76:3c92:10f:b302:97a8/128

On-link

12 281 fe80::/64 On-link

13 306 fe80::/64 On-link

13 306 fe80::3c92:10f:b302:97a8/128

On-link

12 281 fe80::88eb:2e5d:a561:97d6/128

On-link

1 306 ff00::/8 On-link

13 306 ff00::/8 On-link

12 281 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)

Catalog5 06 mswsock.dll [File Not found] ()

Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog9 01 mswsock.dll [File Not found] ()

Catalog9 02 mswsock.dll [File Not found] ()

Catalog9 03 mswsock.dll [File Not found] ()

Catalog9 04 mswsock.dll [File Not found] ()

Catalog9 05 mswsock.dll [File Not found] ()

Catalog9 06 mswsock.dll [File Not found] ()

Catalog9 07 mswsock.dll [File Not found] ()

Catalog9 08 mswsock.dll [File Not found] ()

Catalog9 09 mswsock.dll [File Not found] ()

Catalog9 10 mswsock.dll [File Not found] ()

x64-Catalog5 01 mswsock.dll [File Not found] ()

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)

x64-Catalog5 06 mswsock.dll [File Not found] ()

x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog9 01 mswsock.dll [File Not found] ()

x64-Catalog9 02 mswsock.dll [File Not found] ()

x64-Catalog9 03 mswsock.dll [File Not found] ()

x64-Catalog9 04 mswsock.dll [File Not found] ()

x64-Catalog9 05 mswsock.dll [File Not found] ()

x64-Catalog9 06 mswsock.dll [File Not found] ()

x64-Catalog9 07 mswsock.dll [File Not found] ()

x64-Catalog9 08 mswsock.dll [File Not found] ()

x64-Catalog9 09 mswsock.dll [File Not found] ()

x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.

The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.1)

Adobe AIR (Version: 1.5.3.9130)

Adobe Anchor Service CS3 (Version: 1.0)

Adobe Anchor Service CS4 (Version: 2.0)

Adobe Asset Services CS3 (Version: 3)

Adobe Bridge CS3 (Version: 2)

Adobe Bridge CS4 (Version: 3)

Adobe Bridge Start Meeting (Version: 1.0)

Adobe Camera Raw 4.0 (Version: 4.0)

Adobe CMaps CS4 (Version: 2.0)

Adobe Color - Photoshop Specific (Version: 1.0)

Adobe Color EU Extra Settings CS4 (Version: 2.0)

Adobe Color JA Extra Settings CS4 (Version: 2.0)

Adobe Color NA Recommended Settings CS4 (Version: 2.0)

Adobe CSI CS4 (Version: 1)

Adobe CSI CS4 x64 (Version: 1)

Adobe Default Language CS4 (Version: 2.0)

Adobe Device Central CS3 (Version: 1.0)

Adobe Device Central CS4 (Version: 2)

Adobe Dreamweaver CS4 (Version: 10.0)

Adobe Drive CS4 (Version: 1)

Adobe Drive CS4 x64 (Version: 1)

Adobe Dynamiclink Support (Version: 1)

Adobe ExtendScript Toolkit 2 (Version: 2.0)

Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)

Adobe Extension Manager CS4 (Version: 2.0)

Adobe Flash CS4 (Version: 10.0)

Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)

Adobe Flash CS4 Professional (Version: 10.0)

Adobe Flash CS4 STI-en (Version: 10.0)

Adobe Flash Player 10 Plugin (Version: 10.3.183.10)

Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)

Adobe Fonts All (Version: 1.0)

Adobe Help Viewer CS3 (Version: 1)

Adobe Illustrator CS3 (Version: 13.0)

Adobe Linguistics CS3 (Version: 3.0.0)

Adobe Linguistics CS4 (Version: 4.0.0)

Adobe Media Encoder CS4 (Version: 1.0)

Adobe Media Encoder CS4 Importer (Version: 1.0)

Adobe Media Player (Version: 0.0.0)

Adobe Media Player (Version: 1.1)

Adobe Output Module (Version: 2.0)

Adobe PDF Library Files CS4 (Version: 9.0)

Adobe Photoshop CS3 (Version: 10)

Adobe Photoshop CS3 (Version: 10.0)

Adobe Reader 9.4.3 (Version: 9.4.3)

Adobe Search for Help (Version: 1.0)

Adobe Service Manager Extension (Version: 1.0)

Adobe Setup (Version: 1.0)

Adobe Setup (Version: 2.0)

Adobe Shockwave Player 11.6 (Version: 11.6.3.633)

Adobe Stock Photos CS3 (Version: 1.5)

Adobe Type Support CS4 (Version: 9.0)

Adobe Update Manager CS3 (Version: 5.1.0)

Adobe Update Manager CS4 (Version: 6.0.0)

Adobe Version Cue CS3 Client (Version: 3)

Adobe Widget Browser (Version: 1.0 Build 543)

Adobe Widget Browser (Version: 1.0.543)

Adobe WinSoft Linguistics Plugin (Version: 1.0)

Adobe WinSoft Linguistics Plugin (Version: 1.1)

Adobe XMP Panels CS3 (Version: 1.0)

Adobe XMP Panels CS4 (Version: 2.0)

AdobeColorCommonSetCMYK (Version: 2.0)

AdobeColorCommonSetRGB (Version: 2.0)

Advanced Audio FX Engine (Version: 1.12.05)

AIM 7

Apple Application Support (Version: 1.1.0)

Apple Application Support (Version: 1.5.0)

Apple Mobile Device Support (Version: 2.6.0.32)

Apple Mobile Device Support (Version: 3.4.0.25)

Apple Software Update (Version: 2.1.1.116)

Banctec Service Agreement (Version: 2.0.0)

Bonjour (Version: 2.0.4.0)

BufferChm (Version: 130.0.331.000)

Choice Guard (Version: 1.2.87.0)

Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)

Connect (Version: 1.0.0.1)

Copy (Version: 130.0.366.000)

DataSlave 2.2.2.91 Map Editor (Version: 2.2.2.91)

Dell DataSafe Local Backup - Support Software (Version: 2.25)

Dell DataSafe Local Backup (Version: 9.3.24)

Dell Edoc Viewer (Version: 1.0.0)

Dell Getting Started Guide (Version: 1.00.0000)

Dell Support Center (Support Software) (Version: 2.5.09100)

Dell Webcam Central (Version: 1.40.05)

Destinations (Version: 130.0.0.0)

DeviceDiscovery (Version: 130.0.372.000)

DJ_AIO_05_F4400_Software_Min (Version: 130.0.448.000)

Download Updater (AOL LLC)

EPSON Artisan 810 Series Printer Uninstall

Epson Event Manager (Version: 2.30.01)

Epson FAX Utility (Version: 1.00.01)

Epson PC-FAX Driver

EPSON Scan

EpsonNet Print (Version: 2.4i)

EpsonNet Setup (Version: 3.1c)

F4400 (Version: 130.0.448.000)

Geek Squad 24 Hour Computer Support (Version: 3.0.330)

Google Earth (Version: 6.1.0.5001)

Google Talk Plugin (Version: 1.4.2.0)

Google Update Helper (Version: 1.3.21.79)

GoToAssist 8.0.0.514

HP Update (Version: 4.000.011.006)

HPPhotoGadget (Version: 130.0.282.000)

hpWLPGInstaller (Version: 130.0.303.000)

Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1872)

Intel® Matrix Storage Manager

iTunes (Version: 10.2.1.1)

Java Auto Updater (Version: 2.0.5.1)

Java 6 Update 14 (64-bit) (Version: 6.0.140)

Java 6 Update 29 (Version: 6.0.290)

Junk Mail filter update (Version: 14.0.8050.1202)

kuler (Version: 2.0)

Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)

Microsoft Office Professional 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Report Viewer Redistributable 2008

Microsoft Report Viewer Redistributable 2008 (Version: 9.0.21022)

Microsoft Search Enhancement Pack (Version: 1.2.121.0)

Microsoft Silverlight (Version: 4.0.50826.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft Visual Basic PowerPacks 1.2 (Version: 9.0.30729)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Works (Version: 9.7.0621)

MSVCRT (Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

PDF Settings CS4 (Version: 9.0)

Photoshop Camera Raw (Version: 5.0)

Picasa 3 (Version: 3.8)

Pixel Bender Toolkit (Version: 1.0)

PowerDVD DX (Version: 8.3.5424)

PowerISO

QBFC 5.0 (Version: 5.0.00203.0)

Quickset64 (Version: 9.6.6)

QuickTime (Version: 7.69.80.9)

Roxio Burn (Version: 1.0)

Roxio Burn (Version: 1.0.0)

Roxio Update Manager (Version: 6.0.0)

Scan (Version: 13.0.0.0)

Skype Toolbars (Version: 5.0.4137)

Skype™ 5.1 (Version: 5.1.104)

SmartWebPrinting (Version: 130.0.373.000)

Status (Version: 130.0.373.000)

Suite Shared Configuration CS4 (Version: 1.0)

SUPERAntiSpyware (Version: 5.0.1108)

swMSM (Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 13.2.2.2)

Times Reader (Version: 2.054)

Toolbox (Version: 130.0.648.000)

TrayApp (Version: 130.0.376.000)

TweetDeck (Version: 0.33.2)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft Office Word 2007 (KB974631)

WebReg (Version: 130.0.132.017)

Windows Live Call (Version: 14.0.8050.1202)

Windows Live Communications Platform (Version: 14.0.8050.1202)

Windows Live Essentials (Version: 14.0.8050.1202)

Windows Live Mail (Version: 14.0.8050.1202)

Windows Live Messenger (Version: 14.0.8050.1202)

Windows Live Photo Gallery (Version: 14.0.8051.1204)

Windows Live Sign-in Assistant (Version: 5.000.817.1)

Windows Live Sync (Version: 14.0.8050.1202)

Windows Live Toolbar (Version: 14.0.8052.1208)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8050.1202)

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 58%

Total physical RAM: 4056.94 MB

Available physical RAM: 1678.04 MB

Total Pagefile: 8112.08 MB

Available Pagefile: 5864.68 MB

Total Virtual: 4095.88 MB

Available Virtual: 3974.4 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:318.91 GB) NTFS

========================= Users: ========================================

User accounts for \\LAPPY

Administrator Guest Owner

**** End of log ****

Thanks.

Oh... I also tried to download DDS but when I click on the link it just takes me to a blank window; that's why I gave the other logs.


Welcome to the forum.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL Extras logfile created on: 12/14/2011 6:39:28 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.57% Memory free

7.92 Gb Paging File | 6.47 Gb Available in Paging File | 81.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 318.48 Gb Free Space | 70.60% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit)

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes

"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager

"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0E31CA83-8E2B-4B0D-A84D-F561B6CD482D}" = QBFC 5.0

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 29

"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup

"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant

"{5169D2E2-0B94-3320-8C7A-718F92BE20CE}" = Microsoft Visual Basic PowerPacks 1.2

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{597AB407-CD06-860C-0A65-5AF693C0C961}" = Adobe Widget Browser

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5E152D08-572A-3375-8FDE-DAD1EFB379BA}" = Microsoft Report Viewer Redistributable 2008

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{62AD5F7F-9CFC-4523-AF83-C58F02836635}" = Geek Squad 24 Hour Computer Support

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A75BC59B-10BF-6B87-DCC7-3501F158ACC6}" = Times Reader

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C1DA9C11-9488-5882-2087-33EC06344A76}" = TweetDeck

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4

"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3

"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional

"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"AIM_7" = AIM 7

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser

"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader

"DataSlave Map Editor" = DataSlave 2.2.2.91 Map Editor

"Dell Webcam Central" = Dell Webcam Central

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"GoToAssist" = GoToAssist 8.0.0.514

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft Report Viewer Redistributable 2008" = Microsoft Report Viewer Redistributable 2008

"Picasa 3" = Picasa 3

"PowerISO" = PowerISO

"PROR" = Microsoft Office Professional 2007

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1154990847-4153220528-1073308119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

"Google Chrome" = Google Chrome

"GoToMeeting" = GoToMeeting 4.8.0.723

"Move Media Player" = Move Media Player

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

====================================================================================================================================

OTL logfile created on: 12/14/2011 6:39:28 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.57% Memory free

7.92 Gb Paging File | 6.47 Gb Available in Paging File | 81.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 318.48 Gb Free Space | 70.60% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()

MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()

MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()

MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()

MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()

MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()

MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()

MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)

SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (O2MDGRDR) -- C:\Windows\SysNative\drivers\o2mdgx64.sys (O2Micro )

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2010/10/05 07:17:09 | 000,000,000 | ---D | M]

[2011/11/22 09:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/01/18 07:39:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011/05/12 18:22:24 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

[2011/05/12 18:22:24 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll

[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll

CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found

O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A82C9485-23B9-48E3-8AAD-A50FDEB8BCF0}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/09/24 05:38:20 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2011/12/14 06:31:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/12/11 08:43:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\bitminer_removal

[2011/12/10 09:33:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com

[2011/12/10 09:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2011/12/10 09:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011/12/10 09:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011/12/10 09:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/12/10 09:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup

[2011/12/10 07:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2011/12/10 07:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2011/12/07 22:00:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2011/11/30 13:02:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2011/11/20 13:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\9970C

[2011/11/20 13:10:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\2E899

[2011/11/20 13:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP

[2011/11/20 13:10:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\CeellIBBtzP

[2011/11/20 13:10:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011

[2011/11/20 13:10:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\e7ddEK88gRZhXwU

[2011/11/20 13:09:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SjjjUCCekI

[2011/11/20 13:09:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\lhhTTXqjUCek

[2011/11/20 13:09:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\dooobFF3pmG5QJd

[2011/11/20 13:09:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\dammH66sWJ7fL8T

[2011/11/20 13:09:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SuuccS22ib3pn

[2011/11/20 13:09:27 | 000,000,000 | ---D | C] -- C:\Windows\system64

[2011/11/20 13:09:26 | 002,873,344 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Owner\Documents\gvrp.exe

[2011/11/20 12:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 06:31:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/12/14 06:30:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/14 06:30:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/14 06:28:06 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/12/14 06:28:06 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/12/14 06:28:06 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/12/14 06:27:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1154990847-4153220528-1073308119-1000UA1cc040b68f9f16c.job

[2011/12/14 06:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At14.job

[2011/12/14 06:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At13.job

[2011/12/14 06:23:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/14 06:23:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/13 18:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At38.job

[2011/12/13 18:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At37.job

[2011/12/13 17:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/13 17:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At36.job

[2011/12/13 17:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At35.job

[2011/12/13 16:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At34.job

[2011/12/13 16:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At33.job

[2011/12/13 15:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At32.job

[2011/12/13 15:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At31.job

[2011/12/13 14:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At30.job

[2011/12/13 14:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At29.job

[2011/12/13 13:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At28.job

[2011/12/13 13:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At27.job

[2011/12/13 12:27:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1154990847-4153220528-1073308119-1000Core.job

[2011/12/13 12:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At26.job

[2011/12/13 12:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At25.job

[2011/12/13 11:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At24.job

[2011/12/13 11:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At23.job

[2011/12/13 10:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At22.job

[2011/12/13 10:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At21.job

[2011/12/11 09:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At20.job

[2011/12/11 09:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At19.job

[2011/12/11 08:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At18.job

[2011/12/11 08:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At17.job

[2011/12/11 07:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At16.job

[2011/12/11 07:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At15.job

[2011/12/10 09:11:38 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/12/10 07:47:47 | 000,512,992 | ---- | M] () -- C:\Users\Owner\Desktop\sdsetup_revwire207.exe

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At8.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At6.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At48.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At46.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At44.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At42.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At40.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At4.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At2.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At12.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At10.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At9.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At7.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At5.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At47.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At45.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At43.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At41.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At39.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At11.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job

[2011/12/07 22:19:01 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/11/30 13:02:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2011/11/25 18:31:27 | 000,000,112 | ---- | M] () -- C:\ProgramData\2GL88B.dat

[2011/11/25 18:19:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\F40FjDfCb.com.b

[2011/11/25 18:18:54 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\F40FjDfCb.com_

[2011/11/22 08:17:49 | 000,002,405 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk

[2011/11/20 13:09:44 | 002,873,344 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Owner\Documents\gvrp.exe

[2011/11/20 12:01:35 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/11/17 10:40:48 | 000,077,806 | ---- | M] () -- C:\Users\Owner\Desktop\get-attachment.aspx.jpg

[2011/11/14 14:40:53 | 002,350,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/10 09:11:38 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/12/10 07:47:48 | 000,512,992 | ---- | C] () -- C:\Users\Owner\Desktop\sdsetup_revwire207.exe

[2011/12/07 22:19:01 | 000,002,150 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/11/28 00:51:14 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\F40FjDfCb.com_

[2011/11/25 18:19:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\F40FjDfCb.com.b

[2011/11/25 18:10:35 | 000,000,112 | ---- | C] () -- C:\ProgramData\2GL88B.dat

[2011/11/25 18:10:34 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At48.job

[2011/11/25 18:10:34 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At46.job

[2011/11/25 18:10:34 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At44.job

[2011/11/25 18:10:34 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At47.job

[2011/11/25 18:10:34 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At45.job

[2011/11/25 18:10:33 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At42.job

[2011/11/25 18:10:33 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At40.job

[2011/11/25 18:10:33 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At38.job

[2011/11/25 18:10:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At43.job

[2011/11/25 18:10:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At41.job

[2011/11/25 18:10:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At39.job

[2011/11/25 18:10:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At37.job

[2011/11/25 18:10:32 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At36.job

[2011/11/25 18:10:32 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At34.job

[2011/11/25 18:10:32 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At32.job

[2011/11/25 18:10:32 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At35.job

[2011/11/25 18:10:32 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At33.job

[2011/11/25 18:10:31 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At30.job

[2011/11/25 18:10:31 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At28.job

[2011/11/25 18:10:31 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At26.job

[2011/11/25 18:10:31 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At31.job

[2011/11/25 18:10:31 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At29.job

[2011/11/25 18:10:31 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At27.job

[2011/11/25 18:10:31 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At25.job

[2011/11/25 18:10:30 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At24.job

[2011/11/25 18:10:30 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At22.job

[2011/11/25 18:10:30 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At20.job

[2011/11/25 18:10:30 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At18.job

[2011/11/25 18:10:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At23.job

[2011/11/25 18:10:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At21.job

[2011/11/25 18:10:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At19.job

[2011/11/25 18:10:29 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At16.job

[2011/11/25 18:10:29 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At14.job

[2011/11/25 18:10:29 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At17.job

[2011/11/25 18:10:29 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At15.job

[2011/11/25 18:10:29 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At13.job

[2011/11/25 18:10:28 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At8.job

[2011/11/25 18:10:28 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At12.job

[2011/11/25 18:10:28 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At10.job

[2011/11/25 18:10:28 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At9.job

[2011/11/25 18:10:28 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At11.job

[2011/11/25 18:10:27 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At6.job

[2011/11/25 18:10:27 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At4.job

[2011/11/25 18:10:27 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At2.job

[2011/11/25 18:10:27 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At7.job

[2011/11/25 18:10:27 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At5.job

[2011/11/25 18:10:27 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At3.job

[2011/11/25 18:10:26 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At1.job

[2011/11/20 12:01:35 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/11/17 10:40:47 | 000,077,806 | ---- | C] () -- C:\Users\Owner\Desktop\get-attachment.aspx.jpg

[2011/09/30 09:03:17 | 000,469,406 | ---- | C] () -- C:\Windows\hpoins37.dat.temp

[2011/09/30 09:03:17 | 000,000,632 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp

[2010/08/01 11:29:58 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/07/07 01:44:55 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2010/06/28 11:34:58 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2010/06/28 11:34:58 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2010/06/28 11:34:58 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2010/06/28 11:34:58 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2010/06/28 11:34:58 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2010/06/28 11:34:58 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2010/06/28 11:34:58 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2010/06/28 11:34:58 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2010/06/28 11:34:58 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2010/06/28 11:34:58 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2010/06/28 11:34:58 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2010/06/28 11:34:58 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2010/06/28 11:34:58 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2010/06/28 11:34:58 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2010/06/28 11:34:58 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2010/06/28 11:34:58 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2010/06/28 11:31:40 | 000,000,090 | ---- | C] () -- C:\Windows\EPART810.ini

[2010/01/26 19:05:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010/01/25 21:47:07 | 000,019,968 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/25 18:30:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/01/25 18:20:32 | 000,000,416 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

[2009/10/16 05:08:55 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2009/10/16 05:08:54 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009/10/16 05:08:54 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2009/08/13 21:51:32 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/12/02 13:24:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Epson

[2011/11/20 13:10:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\2E899

[2010/01/25 18:33:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore

[2011/05/12 18:22:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Catalina Marketing Corp

[2011/11/20 13:10:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CeellIBBtzP

[2010/01/26 00:23:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.ExMan

[2010/11/11 10:29:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

[2011/11/20 13:09:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\dammH66sWJ7fL8T

[2011/11/20 13:09:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\dooobFF3pmG5QJd

[2011/11/20 13:10:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\e7ddEK88gRZhXwU

[2010/10/27 19:26:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson

[2011/08/03 05:52:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fanurio

[2010/02/17 19:40:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo

[2010/06/28 11:38:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech

[2011/11/20 14:04:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\lhhTTXqjUCek

[2010/08/06 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Logic Software

[2011/11/20 13:09:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SjjjUCCekI

[2010/11/07 13:44:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\StreamTorrent

[2011/11/20 13:09:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SuuccS22ib3pn

[2010/01/25 18:20:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

[2010/02/18 00:52:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2011/06/16 17:11:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At10.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At11.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At12.job

[2011/12/14 06:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At13.job

[2011/12/14 06:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At14.job

[2011/12/11 07:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At15.job

[2011/12/11 07:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At16.job

[2011/12/11 08:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At17.job

[2011/12/11 08:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At18.job

[2011/12/11 09:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At19.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At2.job

[2011/12/11 09:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At20.job

[2011/12/13 10:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At21.job

[2011/12/13 10:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At22.job

[2011/12/13 11:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At23.job

[2011/12/13 11:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At24.job

[2011/12/13 12:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At25.job

[2011/12/13 12:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At26.job

[2011/12/13 13:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At27.job

[2011/12/13 13:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At28.job

[2011/12/13 14:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At29.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At3.job

[2011/12/13 14:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At30.job

[2011/12/13 15:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At31.job

[2011/12/13 15:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At32.job

[2011/12/13 16:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At33.job

[2011/12/13 16:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At34.job

[2011/12/13 17:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At35.job

[2011/12/13 17:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At36.job

[2011/12/13 18:26:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At37.job

[2011/12/13 18:26:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At38.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At39.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At4.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At40.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At41.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At42.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At43.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At44.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At45.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At46.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At47.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At48.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At5.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At6.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At7.job

[2011/12/10 07:21:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At8.job

[2011/12/10 07:21:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At9.job

[2011/12/09 13:51:58 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Please do this:

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:


    del /a/f/q "C:\WINDOWS\Tasks\At*.job"

Save this as delete.bat and choose to Save as type: - All Files then close the Notepad file.

It should look like this: bat.JPG

Double-click on delete.bat and allow it to run. Please delete the file afterwards.

-----------------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - File not found
    IE - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1154990847-4153220528-1073308119-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    [2011/11/20 13:10:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\CeellIBBtzP
    [2011/11/20 13:10:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
    [2011/11/20 13:10:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\e7ddEK88gRZhXwU
    [2011/11/20 13:09:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SjjjUCCekI
    [2011/11/20 13:09:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\lhhTTXqjUCek
    [2011/11/20 13:09:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\dooobFF3pmG5QJd
    [2011/11/20 13:09:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\dammH66sWJ7fL8T
    [2011/11/20 13:09:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SuuccS22ib3pn
    [2011/11/25 18:19:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\F40FjDfCb.com.b
    [2011/11/25 18:18:54 | 000,111,616 | ---- | M] () -- C:\Windows\SysWow64\F40FjDfCb.com_
    [2011/11/20 13:09:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\dammH66sWJ7fL8T
    [2011/11/20 13:09:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\dooobFF3pmG5QJd
    [2011/11/20 13:10:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\e7ddEK88gRZhXwU
    [2011/11/20 14:04:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\lhhTTXqjUCek
    [2011/11/20 13:09:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SjjjUCCekI
    [2011/11/20 13:09:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SuuccS22ib3pn


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


ComboFix 11-12-13.03 - Owner 12/14/2011 8:38.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4057.2984 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\LP

c:\program files (x86)\LP\78B2\688.tmp

c:\program files (x86)\LP\78B2\90CE.tmp

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk

c:\users\Owner\g2mdlhlpx.exe

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))

.

.

2011-12-14 13:52 . 2011-12-14 13:52 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-12-14 13:52 . 2011-12-14 13:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-14 12:55 . 2011-12-14 12:55 -------- d-----w- C:\_OTL

2011-12-10 14:33 . 2011-12-10 14:33 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com

2011-12-10 14:11 . 2011-12-10 14:11 -------- d-----w- c:\programdata\!SASCORE

2011-12-10 14:11 . 2011-12-14 13:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-10 14:11 . 2011-12-10 14:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-10 14:11 . 2011-12-10 14:11 -------- d-----w- c:\programdata\SUPERSetup

2011-12-10 12:47 . 2011-12-10 17:28 -------- d-----w- c:\programdata\PC Tools

2011-12-08 03:00 . 2011-12-08 03:00 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-28 05:51 . 2011-11-25 23:18 111616 ----a-w- c:\windows\SysWow64\F40FjDfCb.com_

2011-11-20 18:10 . 2011-11-20 19:04 -------- d-----w- c:\program files (x86)\9970C

2011-11-20 18:10 . 2011-11-20 18:10 -------- d-----w- c:\users\Owner\AppData\Roaming\2E899

2011-11-20 18:10 . 2011-11-20 18:10 -------- d-----w- c:\users\Owner\AppData\Roaming\CeellIBBtzP

2011-11-20 18:10 . 2011-11-20 18:10 -------- d-----w- c:\users\Owner\AppData\Roaming\e7ddEK88gRZhXwU

2011-11-20 18:09 . 2011-11-20 19:04 -------- d-----w- c:\users\Owner\AppData\Roaming\lhhTTXqjUCek

2011-11-20 18:09 . 2011-11-20 18:09 -------- d-----w- c:\users\Owner\AppData\Roaming\SjjjUCCekI

2011-11-20 18:09 . 2011-11-20 18:09 -------- d-----w- c:\users\Owner\AppData\Roaming\dooobFF3pmG5QJd

2011-11-20 18:09 . 2011-11-20 18:09 -------- d-----w- c:\users\Owner\AppData\Roaming\dammH66sWJ7fL8T

2011-11-20 18:09 . 2011-11-20 18:09 -------- d-----w- c:\users\Owner\AppData\Roaming\SuuccS22ib3pn

2011-11-18 11:51 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{829B056F-3030-460C-98C3-5382D93C7814}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-25 14:30 . 2011-06-08 11:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 10:06 . 2010-09-29 12:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-29 16:29 . 2011-11-10 11:57 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:03 . 2011-11-11 08:03 3144704 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2009-06-24 21:21 409744 ----a-w- c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 13:59 206064 ----a-w- c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2009-06-25 01:19 140520 ----a-w- c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 136176]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-07-16 648432]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-12-14 140672]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 03:29]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 03:29]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154990847-4153220528-1073308119-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-25 23:22]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154990847-4153220528-1073308119-1000UA1cc040b68f9f16c.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-25 23:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 159232]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 380928]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 358912]

"combofix"="c:\combofix\CF21093.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\system32\DRIVERS\o2flash.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe

.

**************************************************************************

.

Completion time: 2011-12-14 09:00:38 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-14 14:00

.

Pre-Run: 344,334,897,152 bytes free

Post-Run: 344,941,821,952 bytes free

.

- - End Of File - - A08E6448A4C8299531D4C629CCF6FB3A


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

c:\windows\SysWow64\F40FjDfCb.com_

Folder::

c:\program files (x86)\9970C

c:\users\Owner\AppData\Roaming\2E899

c:\users\Owner\AppData\Roaming\CeellIBBtzP

c:\users\Owner\AppData\Roaming\e7ddEK88gRZhXwU

c:\users\Owner\AppData\Roaming\lhhTTXqjUCek

c:\users\Owner\AppData\Roaming\SjjjUCCekI

c:\users\Owner\AppData\Roaming\dooobFF3pmG5QJd

c:\users\Owner\AppData\Roaming\dammH66sWJ7fL8T

c:\users\Owner\AppData\Roaming\SuuccS22ib3pn

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


ComboFix 11-12-13.03 - Owner 12/14/2011 11:01:39.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4057.2548 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\SysWow64\F40FjDfCb.com_"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\9970C

c:\users\Owner\AppData\Roaming\2E899

c:\users\Owner\AppData\Roaming\2E899\970C.E89

c:\users\Owner\AppData\Roaming\CeellIBBtzP

c:\users\Owner\AppData\Roaming\CeellIBBtzP\AV Protection 2011.ico

c:\users\Owner\AppData\Roaming\dammH66sWJ7fL8T

c:\users\Owner\AppData\Roaming\dooobFF3pmG5QJd

c:\users\Owner\AppData\Roaming\e7ddEK88gRZhXwU

c:\users\Owner\AppData\Roaming\lhhTTXqjUCek

c:\users\Owner\AppData\Roaming\SjjjUCCekI

c:\users\Owner\AppData\Roaming\SuuccS22ib3pn

.

.

((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))

.

.

2011-12-14 16:13 . 2011-12-14 16:13 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-12-14 16:13 . 2011-12-14 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-14 12:55 . 2011-12-14 12:55 -------- d-----w- C:\_OTL

2011-12-10 14:33 . 2011-12-10 14:33 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com

2011-12-10 14:11 . 2011-12-10 14:11 -------- d-----w- c:\programdata\!SASCORE

2011-12-10 14:11 . 2011-12-14 13:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-10 14:11 . 2011-12-10 14:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-10 14:11 . 2011-12-10 14:11 -------- d-----w- c:\programdata\SUPERSetup

2011-12-10 12:47 . 2011-12-10 17:28 -------- d-----w- c:\programdata\PC Tools

2011-12-08 03:00 . 2011-12-08 03:00 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-28 05:51 . 2011-11-25 23:18 111616 ----a-w- c:\windows\SysWow64\F40FjDfCb.com_

2011-11-18 11:51 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{829B056F-3030-460C-98C3-5382D93C7814}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-25 14:30 . 2011-06-08 11:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 10:06 . 2010-09-29 12:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-29 16:29 . 2011-11-10 11:57 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:03 . 2011-11-11 08:03 3144704 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-14_13.55.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2011-12-14 13:56 42316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-01-08 16:34 . 2011-12-14 13:56 15974 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1154990847-4153220528-1073308119-1000_UserData.bin

+ 2009-07-14 02:36 . 2011-12-14 14:00 627082 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-14 13:32 627082 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-14 14:00 107366 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-12-14 13:32 107366 c:\windows\system32\perfc009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]

2009-06-24 21:21 409744 ----a-w- c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 13:59 206064 ----a-w- c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2009-06-25 01:19 140520 ----a-w- c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

c:\program files (x86)\Java\jre6\bin\jusched.exe [bU]

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 136176]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-07-16 648432]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-12-14 140672]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]

S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 03:29]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 03:29]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154990847-4153220528-1073308119-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-25 23:22]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154990847-4153220528-1073308119-1000UA1cc040b68f9f16c.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-25 23:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 159232]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 380928]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 358912]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-12-14 11:17:12

ComboFix-quarantined-files.txt 2011-12-14 16:17

ComboFix2.txt 2011-12-14 14:00

.

Pre-Run: 344,873,631,744 bytes free

Post-Run: 344,586,088,448 bytes free

.

- - End Of File - - E8AA0A386D1215EDFD4C98975F70ED46


See if you can do this:

Download DDS and save it to your desktop from one of the three links below:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://download.bleepingcomputer.com/sUBs/dds.com

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt

Attach.txt

Save both reports to your desktop and post them back here.

MrC


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Owner at 12:21:12 on 2011-12-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4057.2449 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\notepad.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\calc.exe

C:\Windows\system32\notepad.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: MRI_DISABLED - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A82C9485-23B9-48E3-8AAD-A50FDEB8BCF0} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A82C9485-23B9-48E3-8AAD-A50FDEB8BCF0}\4454D4F4E4F5C494E4B4 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A82C9485-23B9-48E3-8AAD-A50FDEB8BCF0}\46C696E6B6 : DhcpNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: MRI_DISABLED - No File

BHO-X64: AcroIEHelperStub - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-2 136176]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-1-25 366152]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-2 136176]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-16 648432]

.

=============== Created Last 30 ================

.

2011-12-14 15:59:59 -------- d-----w- C:\ComboFix

2011-12-14 13:36:19 98816 ----a-w- C:\Windows\sed.exe

2011-12-14 13:36:19 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-14 13:36:19 256000 ----a-w- C:\Windows\PEV.exe

2011-12-14 13:36:19 208896 ----a-w- C:\Windows\MBR.exe

2011-12-14 12:55:43 -------- d-----w- C:\_OTL

2011-12-10 14:33:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com

2011-12-10 14:11:39 -------- d-----w- C:\ProgramData\!SASCORE

2011-12-10 14:11:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-12-10 14:11:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-12-10 14:11:21 -------- d-----w- C:\ProgramData\SUPERSetup

2011-12-10 12:47:48 -------- d-----w- C:\ProgramData\PC Tools

2011-12-08 03:00:08 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-28 05:51:14 111616 ----a-w- C:\Windows\SysWow64\F40FjDfCb.com_

2011-11-18 11:51:58 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{829B056F-3030-460C-98C3-5382D93C7814}\mpengine.dll

.

==================== Find3M ====================

.

2011-11-25 14:30:09 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 12:21:43.21 ============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/8/2010 11:24:09 AM

System Uptime: 12/14/2011 8:54:44 AM (4 hours ago)

.

Motherboard: Dell Inc. | | 0G914P

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 320.973 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP621: 11/28/2011 9:45:06 PM - Installed Java 6 Update 29

RP622: 12/7/2011 9:29:33 PM - Removed BillingTracker Pro 4

RP624: 12/7/2011 9:44:55 PM - Removed service pack backup files

RP625: 12/14/2011 8:36:28 AM - ComboFix created restore point

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Anchor Service CS3

Adobe Anchor Service CS4

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps CS4

Adobe Color - Photoshop Specific

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS3

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit 2

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 Professional

Adobe Flash CS4 STI-en

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe Linguistics CS3

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS3

Adobe Reader 9.4.3

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Stock Photos CS3

Adobe Type Support CS4

Adobe Update Manager CS3

Adobe Update Manager CS4

Adobe Version Cue CS3 Client

Adobe Widget Browser

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Advanced Audio FX Engine

AIM 7

Apple Application Support

Apple Software Update

Banctec Service Agreement

BufferChm

Choice Guard

Compatibility Pack for the 2007 Office system

Connect

Copy

DataSlave 2.2.2.91 Map Editor

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Driver Download Manager

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

Destinations

DeviceDiscovery

DJ_AIO_05_F4400_Software_Min

Download Updater (AOL LLC)

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EpsonNet Print

EpsonNet Setup

F4400

Geek Squad 24 Hour Computer Support

Google Chrome

Google Earth

Google Talk Plugin

Google Update Helper

GoToAssist 8.0.0.514

GoToMeeting 4.8.0.723

HP Update

HPPhotoGadget

hpWLPGInstaller

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

kuler

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Report Viewer Redistributable 2008

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual Basic PowerPacks 1.2

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Move Media Player

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Octoshape add-in for Adobe Flash Player

PDF Settings CS4

Photoshop Camera Raw

Picasa 3

Pixel Bender Toolkit

PowerDVD DX

PowerISO

QBFC 5.0

QuickTime

Roxio Burn

Roxio Update Manager

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Skype Toolbars

Skype™ 5.1

SmartWebPrinting

Status

Suite Shared Configuration CS4

swMSM

Times Reader

Toolbox

TrayApp

TweetDeck

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office Word 2007 (KB974631)

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

WinRAR archiver

.

==== End Of File ===========================


Here are the quick scan results. I am running a full scan now because, if I remember correctly, the last time I did a quick scan pup.bitminer did not show up, but it did when I ran a full scan.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8370

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/14/2011 1:38:46 PM

mbam-log-2011-12-14 (13-38-46).txt

Scan type: Quick scan

Objects scanned: 196552

Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8370

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/14/2011 3:28:01 PM

mbam-log-2011-12-14 (15-28-01).txt

Scan type: Full scan (C:\|)

Objects scanned: 388162

Time elapsed: 38 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Full Scan Results... still there.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.


This topic is now closed to further replies.