Mediashifting.com please help


Hi, new to the forums. I recently started getting problems with my browser and searching online. I'm constantly getting redirected to a site called Mediashifting.com.

I've updated MBAM and ran several quick scans and a full scan, but the problem doesn't seem to go away. Please let me know what I can do. Thank you.

Here is the MBAM quick scan log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122301

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/22/2011 4:16:02 PM

mbam-log-2011-12-22 (16-16-02).txt

Scan type: Quick scan

Objects scanned: 194976

Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Updated MBAM quick scan log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122304

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/22/2011 9:05:30 PM

mbam-log-2011-12-22 (21-05-30).txt

Scan type: Quick scan

Objects scanned: 195140

Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Run by Administrator at 21:07:56 on 2011-12-22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2434 [GMT -8:00]

.

AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\explorer.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://start.cybercafeproservices.com/?cName=computer0-PC

uInternet Settings,ProxyOverride = *.local;192.168.*.*

mWinlogon: Shell=C:\PROGRA~2\CCPCLI~1\CCPCLI~1.EXE

uWinlogon: Shell=C:\Users\Administrator\AppData\Local\6e41ae17\X

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"

uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

dRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"

uPolicies-explorer: HideSCAHealth = 1 (0x1)

uPolicies-system: NoDevMgrPage = 0 (0x0)

uPolicies-system: HideFastUserSwitching = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: NoDevMgrPage = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4B2E96CE-2F3E-4703-B952-0F967E61B252} : DhcpNameServer = 192.168.1.1

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

mRun-x64: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\n1g1eodj.default\

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Administrator\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DeepFrz;DeepFrz;C:\Windows\system32\drivers\DeepFrz.sys --> C:\Windows\system32\drivers\DeepFrz.sys [?]

R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-12-15 87368]

R2 DFServ;DFServ;C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2009-11-12 1057192]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-8-17 239648]

R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-26 136176]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-17 1153368]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-26 136176]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-22 17:50:14 -------- d-sh--w- C:\Users\Administrator\AppData\Local\6e41ae17

2011-12-19 18:34:29 -------- d-----w- C:\Program Files (x86)\World of Warcraft

2011-12-17 17:33:06 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2011-12-17 17:33:06 -------- d-----w- C:\Binaries

2011-12-17 17:33:04 -------- d-----w- C:\Program Files (x86)\Motorola Media Link

2011-12-17 17:32:49 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2011-12-17 17:32:44 -------- d-----w- C:\Temp

2011-12-17 17:32:22 -------- d-----w- C:\Program Files\Motorola Inc

2011-12-06 10:58:53 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-12-05 17:35:19 -------- d-----w- C:\ProgramData\Verizon

2011-12-05 17:35:18 -------- d-----w- C:\Users\Administrator\AppData\Local\V CAST Media Manager

2011-12-05 17:34:59 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll

2011-12-05 17:34:59 57344 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-12-05 17:34:58 -------- d-----w- C:\Program Files (x86)\ffdshow

2011-12-05 17:34:29 -------- d-----w- C:\Program Files\Verizon V CAST Media Manager

2011-12-05 17:31:11 -------- d-----w- C:\Users\Administrator\.gstreamer-0.10

2011-12-05 17:30:55 -------- d-----w- C:\Users\Administrator\AppData\Roaming\MotoCast

2011-12-05 17:30:45 -------- d-----w- C:\Users\Administrator\AppData\Local\Motorola

2011-12-05 17:30:34 -------- d-----w- C:\ProgramData\Nero

2011-12-05 17:30:33 -------- d-----w- C:\ProgramData\Motorola

2011-12-05 17:30:30 -------- d-----w- C:\Program Files (x86)\Motorola Mobility

2011-12-05 17:30:00 -------- d-----w- C:\Program Files\Common Files\Motorola Shared

2011-12-05 17:28:48 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Motorola

2011-12-05 17:28:48 -------- d-----w- C:\Program Files (x86)\Motorola

.

==================== Find3M ====================

.

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-10-24 15:16:42 602112 ----a-w- C:\Windows\SysWow64\xvid.dll

2011-10-21 20:53:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-27 16:33:56 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll

2011-09-27 16:33:55 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll

2011-09-27 16:33:55 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll

.

============= FINISH: 21:08:20.82 ===============


ComboFix 11-12-22.04 - Administrator 12/22/2011 22:11:02.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2970 [GMT -8:00]

Running from: c:\users\Administrator\Downloads\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\dfinstall.log

C:\install.exe

c:\users\Administrator\AppData\Local\{DC526A9C-9AF5-47BD-BA09-48CBA4740E4A}

c:\users\Administrator\AppData\Local\{DC526A9C-9AF5-47BD-BA09-48CBA4740E4A}\chrome.manifest

c:\users\Administrator\AppData\Local\{DC526A9C-9AF5-47BD-BA09-48CBA4740E4A}\chrome\content\_cfg.js

c:\users\Administrator\AppData\Local\{DC526A9C-9AF5-47BD-BA09-48CBA4740E4A}\chrome\content\overlay.xul

c:\users\Administrator\AppData\Local\{DC526A9C-9AF5-47BD-BA09-48CBA4740E4A}\install.rdf

c:\users\Administrator\AppData\Local\6e41ae17\U

c:\users\Administrator\AppData\Local\6e41ae17\U\80000000.@

c:\users\Administrator\AppData\Local\6e41ae17\U\800000cb.@

c:\users\Administrator\AppData\Local\6e41ae17\U\800000cf.@

c:\users\Administrator\AppData\Local\6e41ae17\X

c:\windows\assembly\tmp\U

c:\windows\assembly\tmp\U\00000001.@

c:\windows\assembly\tmp\U\000000c0.@

c:\windows\assembly\tmp\U\000000cb.@

c:\windows\assembly\tmp\U\000000cf.@

c:\windows\assembly\tmp\U\80000000.@

c:\windows\assembly\tmp\U\800000c0.@

c:\windows\assembly\tmp\U\800000cb.@

c:\windows\assembly\tmp\U\800000cf.@

c:\windows\system32\consrv.dll

c:\windows\TEMP\FB4E.dir\InstallFlashPlayer.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))

.

.

2011-12-23 06:16 . 2011-12-23 06:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-23 06:16 . 2011-12-23 06:16 -------- d-----w- c:\users\computer 12\AppData\Local\temp

2011-12-22 17:50 . 2011-12-23 06:16 -------- d-sh--w- c:\users\Administrator\AppData\Local\6e41ae17

2011-12-19 18:34 . 2011-12-21 20:08 -------- d-----w- c:\program files (x86)\World of Warcraft

2011-12-17 17:33 . 2011-12-17 17:33 -------- d-----w- c:\windows\SysWow64\config\systemprofile\.gstreamer-0.10

2011-12-17 17:33 . 2011-12-17 17:33 -------- d-----w- C:\Binaries

2011-12-17 17:33 . 2011-12-17 17:33 -------- d-----w- c:\program files (x86)\Motorola Media Link

2011-12-17 17:32 . 2011-12-17 17:32 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2011-12-17 17:32 . 2011-12-23 06:18 -------- d-----w- C:\Temp

2011-12-17 17:32 . 2011-12-17 17:32 -------- d-----w- c:\program files\Motorola Inc

2011-12-17 17:31 . 2011-12-17 17:31 -------- d-----w- c:\users\Default\AppData\Roaming\Motorola

2011-12-06 10:58 . 2011-12-06 10:58 -------- d-----w- c:\program files (x86)\MSXML 4.0

2011-12-05 17:35 . 2011-12-05 17:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\vlc

2011-12-05 17:35 . 2011-12-05 17:35 -------- d-----w- c:\programdata\Verizon

2011-12-05 17:35 . 2011-12-05 17:36 -------- d-----w- c:\users\Administrator\AppData\Local\V CAST Media Manager

2011-12-05 17:34 . 2008-12-18 03:22 57344 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2011-12-05 17:34 . 2008-12-11 21:26 60273 ----a-w- c:\windows\SysWow64\pthreadGC2.dll

2011-12-05 17:34 . 2011-12-05 17:35 -------- d-----w- c:\program files (x86)\ffdshow

2011-12-05 17:34 . 2011-12-05 17:34 -------- d-----w- c:\program files\Verizon V CAST Media Manager

2011-12-05 17:31 . 2011-12-23 06:05 -------- d-----w- c:\users\Administrator\.gstreamer-0.10

2011-12-05 17:30 . 2011-12-23 06:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\MotoCast

2011-12-05 17:30 . 2011-12-05 17:30 -------- d-----w- c:\users\Administrator\AppData\Local\Motorola

2011-12-05 17:30 . 2011-12-05 17:30 -------- d-----w- c:\program files (x86)\Common Files\Nero

2011-12-05 17:30 . 2011-12-17 17:33 -------- d-----w- c:\programdata\Nero

2011-12-05 17:30 . 2011-12-05 17:30 -------- d-----w- c:\programdata\Motorola

2011-12-05 17:30 . 2011-12-05 17:30 -------- d-----w- c:\program files (x86)\Motorola Mobility

2011-12-05 17:30 . 2011-12-05 17:30 -------- d-----w- c:\program files\Common Files\Motorola Shared

2011-12-05 17:28 . 2011-12-05 17:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Motorola

2011-12-05 17:28 . 2011-12-05 17:29 -------- d-----w- c:\program files (x86)\Motorola

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-10-24 15:16 . 2011-10-24 15:16 602112 ----a-w- c:\windows\SysWow64\xvid.dll

2011-10-21 20:53 . 2011-10-21 20:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-29 16:24 . 2011-11-11 15:30 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-27 16:33 . 2011-07-24 19:26 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll

2011-09-27 16:33 . 2011-07-24 19:26 17212 ----atw- c:\windows\SysWow64\SIntf32.dll

2011-09-27 16:33 . 2011-07-24 19:26 12067 ----atw- c:\windows\SysWow64\SIntf16.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2011-12-17 1979]

"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-10-23 5013128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2011-12-17 1979]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDevMgrPage"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /k:C *

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26 136176]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 DeepFrz;DeepFrz; [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-12-15 87368]

S2 DFServ;DFServ;c:\program files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2009-11-12 1057192]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-08-17 239648]

S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26 18:49]

.

2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-26 18:49]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]

"combofix"="c:\combofix\CF14820.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://start.cybercafeproservices.com/?cName=computer0-PC

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\n1g1eodj.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,1c,13,c5,42,79,b2,4a,b1,31,68,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,1c,13,c5,42,79,b2,4a,b1,31,68,\

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AVI"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.m3u"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M4A"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MOV"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-1452823854-2940402165-104168132-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

c:\program files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

c:\program files (x86)\Motorola Mobility\MotoCast\MotoCast.exe

.

**************************************************************************

.

Completion time: 2011-12-22 22:23:55 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-23 06:23

.

Pre-Run: 187,602,415,616 bytes free

Post-Run: 187,423,043,584 bytes free

.

- - End Of File - - CBF6BE9CBB689BFA4B2AB9A8F9E1FB01


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Run by Administrator at 22:27:05 on 2011-12-22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2776 [GMT -8:00]

.

AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://start.cybercafeproservices.com/?cName=computer0-PC

uInternet Settings,ProxyOverride = *.local;192.168.*.*

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"

uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

dRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"

uPolicies-system: NoDevMgrPage = 0 (0x0)

uPolicies-system: HideFastUserSwitching = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: NoDevMgrPage = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4B2E96CE-2F3E-4703-B952-0F967E61B252} : DhcpNameServer = 192.168.1.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

mRun-x64: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\n1g1eodj.default\

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Administrator\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DeepFrz;DeepFrz;C:\Windows\system32\drivers\DeepFrz.sys --> C:\Windows\system32\drivers\DeepFrz.sys [?]

R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-12-15 87368]

R2 DFServ;DFServ;C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [2009-11-12 1057192]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-17 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-8-17 239648]

R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-26 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-26 136176]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-23 06:07:51 98816 ----a-w- C:\Windows\sed.exe

2011-12-23 06:07:51 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-23 06:07:51 256000 ----a-w- C:\Windows\PEV.exe

2011-12-23 06:07:51 208896 ----a-w- C:\Windows\MBR.exe

2011-12-22 17:50:14 -------- d-sh--w- C:\Users\Administrator\AppData\Local\6e41ae17

2011-12-19 18:34:29 -------- d-----w- C:\Program Files (x86)\World of Warcraft

2011-12-17 17:33:06 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2011-12-17 17:33:06 -------- d-----w- C:\Binaries

2011-12-17 17:33:04 -------- d-----w- C:\Program Files (x86)\Motorola Media Link

2011-12-17 17:32:49 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2011-12-17 17:32:44 -------- d-----w- C:\Temp

2011-12-17 17:32:22 -------- d-----w- C:\Program Files\Motorola Inc

2011-12-06 10:58:53 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-12-05 17:35:19 -------- d-----w- C:\ProgramData\Verizon

2011-12-05 17:35:18 -------- d-----w- C:\Users\Administrator\AppData\Local\V CAST Media Manager

2011-12-05 17:34:59 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll

2011-12-05 17:34:59 57344 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-12-05 17:34:58 -------- d-----w- C:\Program Files (x86)\ffdshow

2011-12-05 17:34:29 -------- d-----w- C:\Program Files\Verizon V CAST Media Manager

2011-12-05 17:31:11 -------- d-----w- C:\Users\Administrator\.gstreamer-0.10

2011-12-05 17:30:55 -------- d-----w- C:\Users\Administrator\AppData\Roaming\MotoCast

2011-12-05 17:30:45 -------- d-----w- C:\Users\Administrator\AppData\Local\Motorola

2011-12-05 17:30:34 -------- d-----w- C:\ProgramData\Nero

2011-12-05 17:30:33 -------- d-----w- C:\ProgramData\Motorola

2011-12-05 17:30:30 -------- d-----w- C:\Program Files (x86)\Motorola Mobility

2011-12-05 17:30:00 -------- d-----w- C:\Program Files\Common Files\Motorola Shared

2011-12-05 17:28:48 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Motorola

2011-12-05 17:28:48 -------- d-----w- C:\Program Files (x86)\Motorola

.

==================== Find3M ====================

.

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-10-24 15:16:42 602112 ----a-w- C:\Windows\SysWow64\xvid.dll

2011-10-21 20:53:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-27 16:33:56 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll

2011-09-27 16:33:55 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll

2011-09-27 16:33:55 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll

.

============= FINISH: 22:27:25.30 ===============


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
