Can anyone help me clean up my comp? (if it needs it)...

ronchettic · April 23, 2012

Hi Guys

My computer isn't slowing down or acting weird but I have seen some toolbars in Firefox which when I try and uninstall they don't go away so just wondering if I might need to clean it up a bit.

I downloaded and ran a quick scan with Malwarebytes and it found nothing. I attach my hijackthis log and would be happy if someone could look at it for me and just may be recommend anything that needs to be done (if anything does need to be done).

Thank you

Christian

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:54:13, on 23/04/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

C:\Program Files (x86)\Plustek\Plustek OpticBook 3800\book express.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe

C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109980&babsrc=HP_ss&mntrId=d8a31185000000000000d0df9a8d65b5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll (file missing)

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll (file missing)

O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Christian Ronchetti\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: TaskBar.vbs (User 'Default user')

O4 - Startup: Colour Explorer 9,0.lnk = C:\Program Files (x86)\MicrolinkPC\CXLOADER.exe

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Book Pavilion (Plustek OpticBook 3800).lnk = ?

O4 - Global Startup: Device Detector 4.lnk = C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Send Image To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201

O8 - Extra context menu item: Send Link To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203

O8 - Extra context menu item: Send Page To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204

O8 - Extra context menu item: Send Text To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://88.247.210.37:81/activex/AMC.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs:

O23 - Service: ABBYY FineReader 11 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.11.0) - ABBYY - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe

O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe

O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13054 bytes

MrCharlie · April 23, 2012

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

What's the name of the tool bars that you're talking about?

MrC

ronchettic · April 23, 2012

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Christian Ronchetti at 20:07:36 on 2012-04-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4004.1665 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe

C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

C:\Program Files (x86)\Plustek\Plustek OpticBook 3800\book express.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe

C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\splwow64.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\calc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=109980&babsrc=HP_ss&mntrId=d8a31185000000000000d0df9a8d65b5

uDefault_Page_URL = hxxp://www.google.co.uk

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

TB: !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Facebook Update] "C:\Users\Christian Ronchetti\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\COLOUR~1.LNK - C:\Program Files (x86)\MicrolinkPC\CXLOADER.exe

StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BOOKPA~1.LNK - C:\Program Files (x86)\Plustek\Plustek OpticBook 3800\book express.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE:

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201

IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203

IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204

IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://88.247.210.37:81/activex/AMC.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9D90092F-353F-44BC-BAD7-EAA0BE47863B} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9D90092F-353F-44BC-BAD7-EAA0BE47863B}\25F63756D6162797242716E6368623 : DhcpNameServer = 213.120.234.6 194.72.0.98

TCP: Interfaces\{9D90092F-353F-44BC-BAD7-EAA0BE47863B}\2656C6B696E6334353A616E6 : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs:

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

BHO-X64: Searchqu Toolbar - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun-x64: [bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

AppInit_DLLs-X64:

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Christian Ronchetti\AppData\Roaming\Mozilla\Firefox\Profiles\xd6r04iw.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Users\Christian Ronchetti\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\Christian Ronchetti\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - d8a31185000000000000d0df9a8d65b5

FF - user.js: extensions.BabylonToolbar_i.hardId - d8a31185000000000000d0df9a8d65b5

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15445

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:11:17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-8-3 819976]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-23 654408]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-7-9 2932224]

R3 CeKbFilter;CeKbFilter;C:\Windows\system32\DRIVERS\CeKbFilter.sys --> C:\Windows\system32\DRIVERS\CeKbFilter.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 253088]

S3 FwLnk;FwLnk Driver;C:\Windows\system32\drivers\FwLnk.sys --> C:\Windows\system32\drivers\FwLnk.sys [?]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2011-5-10 176128]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-23 15:49:31 388096 ----a-r- C:\Users\Christian Ronchetti\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-23 15:49:31 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-04-23 15:41:04 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Roaming\Malwarebytes

2012-04-23 15:40:47 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-23 15:40:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-23 15:40:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-23 15:25:05 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{FC570FC9-D91B-41A7-92D7-AA9C62FAA823}

2012-04-23 15:24:53 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{471142C4-FC30-4DE8-AA8D-9B44DCC119C1}

2012-04-23 14:50:44 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01CCA537-C00B-40A3-9978-A594718D95F0}\mpengine.dll

2012-04-23 14:48:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-04-23 14:48:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-23 14:48:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2012-04-23 14:48:00 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-04-23 14:48:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-04-23 14:45:22 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-23 14:45:22 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-23 14:45:21 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-23 14:36:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-23 14:36:22 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-23 14:36:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-23 14:36:21 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-23 14:36:21 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-23 14:36:21 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-23 14:36:21 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-23 14:19:59 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{51C258B7-DC86-488C-8E39-E21C1ED78BB2}

2012-04-23 14:19:47 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{CC5FC9CE-D138-49D6-A3B9-BB103A229B86}

2012-04-19 13:39:44 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{E50630EE-25AF-4F32-8553-E18B61EFEC26}

2012-04-19 13:39:31 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{49AB086C-ECFE-4248-8BA1-900FE5164080}

2012-04-19 13:23:36 -------- d-----w- C:\Windows\XSxS

2012-04-18 12:42:33 -------- d-----w- C:\Program Files\iPod

2012-04-18 12:42:32 -------- d-----w- C:\Program Files\iTunes

2012-04-15 20:18:09 -------- d-----w- C:\Program Files (x86)\fbphotozoom

2012-04-15 20:11:03 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\Babylon

2012-04-15 20:11:02 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Roaming\Babylon

2012-04-15 20:11:02 -------- d-----w- C:\ProgramData\Babylon

2012-04-15 19:54:21 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{9C107A08-3E3B-4A2C-9F87-9F9DFCB8CEEC}

2012-04-15 19:54:08 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{FA5DE11A-E444-486C-AA8F-92A11139F3E3}

2012-04-15 19:51:02 -------- d-----w- C:\ProgramData\PACE

2012-04-15 19:51:00 -------- d-----w- C:\Program Files (x86)\Common Files\PACE

2012-04-15 19:50:55 -------- d-----w- C:\ProgramData\Antares

2012-04-15 15:43:14 -------- d-----w- C:\ProgramData\PACE Anti-Piracy

2012-04-15 15:43:13 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Roaming\PACE Anti-Piracy

2012-04-15 15:43:13 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\PACE Anti-Piracy

2012-04-15 15:43:13 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy

2012-04-15 15:42:54 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{536C29FF-1601-44D0-9ABF-4D23B111962C}

2012-04-15 15:42:42 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{8D3DF2E0-D125-4C69-B01E-CDB5F174DEB6}

2012-04-15 14:48:08 -------- d-----w- C:\Program Files (x86)\Antares Audio Technologies

2012-04-15 13:48:51 -------- d-----w- C:\Program Files (x86)\Ffmpeg For Audacity

2012-04-15 13:09:32 -------- d-----w- C:\Windows\Freecorder Toolbar

2012-04-15 12:14:30 -------- d-----w- C:\Program Files (x86)\Lame For Audacity

2012-04-15 11:33:35 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Roaming\Antares

2012-04-15 10:33:34 -------- d-----w- C:\Program Files (x86)\Audacity

2012-04-15 10:20:14 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-15 09:53:14 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\TechSmith

2012-04-15 09:45:51 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-15 09:32:48 411480 ----a-w- C:\Windows\SysWow64\tsccvid.dll

2012-04-15 09:32:47 -------- d-----w- C:\Windows\SysWow64\QuickTime

2012-04-15 09:32:09 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

2012-04-13 03:17:59 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{EE26926E-92BD-4BF1-BE33-C6D6EAAE52F4}

2012-04-12 09:44:26 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{9E3491EF-F091-4F3C-BC2E-214F1D1890A4}

2012-04-11 21:44:14 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{C190C0A1-5A75-43A7-AA60-805F0ACD9376}

2012-04-11 10:15:17 27176 ----a-w- C:\Windows\System32\drivers\ggsemc.sys

2012-04-11 10:15:17 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll

2012-04-11 10:15:17 13352 ----a-w- C:\Windows\System32\drivers\ggflt.sys

2012-04-11 10:14:44 -------- d-----w- C:\ProgramData\Sony Ericsson

2012-04-11 10:14:38 -------- d-----w- C:\Program Files (x86)\Sony Ericsson

2012-04-11 10:14:12 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-11 08:31:00 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{12F7C193-6347-4DDC-93AC-1573B166D3CA}

2012-04-10 14:14:52 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{59E8BB12-DE1E-4F91-893E-F5B146622E18}

2012-04-09 20:24:16 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{9DD84786-521D-493F-874C-3846B72DAF86}

2012-04-09 08:24:04 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{1D59E881-6D4A-4365-897C-9B0B3F0EE6F7}

2012-04-08 15:32:20 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{F4D610C0-7603-4D1A-8010-07A3CAA16526}

2012-04-05 14:05:01 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Roaming\AVS4YOU

2012-04-05 14:02:39 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia

2012-04-05 14:02:38 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-04-05 14:02:38 -------- d-----w- C:\ProgramData\AVS4YOU

2012-04-05 14:02:38 -------- d-----w- C:\Program Files (x86)\AVS4YOU

2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-04-04 02:51:07 -------- d-----w- C:\Program Files (x86)\Reincubate

2012-04-04 01:35:19 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\Apple_Inc

2012-04-04 01:34:34 -------- d-----w- C:\Program Files (x86)\iPhone Configuration Utility

2012-04-03 10:11:24 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{F5190AE2-8273-4699-BFC2-0F8D121B83A3}

2012-04-02 15:59:28 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{4FD26976-032E-4438-92AA-8A684052D39D}

2012-04-02 03:59:16 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{83709D4A-52B1-48B4-9970-6779AB567A77}

2012-04-01 11:31:02 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\{544A8C05-15D0-40D9-8B94-36DE32D4F1FA}

.

==================== Find3M ====================

.

2012-04-15 10:20:47 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-15 11:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 11:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-14 11:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 20:08:17.90 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 01/12/2011 12:50:39

System Uptime: 23/04/2012 16:22:17 (4 hours ago)

.

Motherboard: TOSHIBA | | PWWHA

Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 882/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 29.231 GiB free.

D: is FIXED (NTFS) - 391 GiB total, 323.423 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP81: 22/04/2012 05:55:45 - Windows Update

RP82: 23/04/2012 15:31:05 - Windows Update

RP83: 23/04/2012 16:26:51 - Removed Interlok driver setup x64.

RP84: 23/04/2012 16:48:12 - Installed HiJackThis

.

==== Installed Programs ======================

.

ABBYY FineReader 11

ABBYY FineReader 9.0 Sprint

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Antares Auto-Tune Evo VST

Apple Application Support

Apple Software Update

µTorrent

Audacity 1.3.14 (Unicode)

Auto-Tune EFX VST

Camtasia Studio 7

Canon iP4900 series User Registration

Canon My Printer

Colour Explorer 9,0

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Facebook Messenger 2.0.4478.0

Facebook Video Calling 1.2.0.159

FFmpeg v0.6.2 for Audacity

GIMP 2.6.11

HiJackThis

IBM SPSS Statistics 19

iPhone Backup Extractor

iPhone Configuration Utility

Java Auto Updater

Java 6 Update 31

jZip

LAME v3.99.3 (for Windows)

Malwarebytes Anti-Malware version 1.61.0.1400

MatchWare MindView 4.0

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mindjet MindManager 2012

Mozilla Firefox 11.0 (x86 en-GB)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

Olympus Sonority

Plustek OpticBook 3800

Presto! ImageFolio 4

Presto! PageManager 7.23

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Skype™ 5.8

swMSM

TOSHIBA Assist

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Utility Common Driver

VST Bridge 1.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WMPTagSupportExtender

Xvid Video Codec

youtubetomp3.org ver. 1.0

.

==== Event Viewer Messages From Past Week ========

.

23/04/2012 08:06:02, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

22/04/2012 05:44:26, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

18/04/2012 22:13:00, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

.

==== End Of File ===========================

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Christian Ronchetti [Admin rights]

Mode: Scan -- Date: 04/23/2012 20:12:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++

--- User ---

[MBR] a2742854001c4d7785a9c038e6cc02a8

[bSP] 35b1ce54f3458b0da221017b70a9409f : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76800 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 157288448 | Size: 400138 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

I think its called babylon toolbar ....

thanks

MrCharlie · April 23, 2012

OK, I see it...but we have to run a different program to delete it:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

ronchettic · April 23, 2012

ComboFix 12-04-23.02 - Christian Ronchetti 23/04/2012 21:34:57.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4004.1334 [GMT 1:00]

Running from: c:\users\Christian Ronchetti\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\windows\system32\Thumbs.db

c:\windows\XSxS

D:\install.exe

.

((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))

.

2012-04-23 15:49 . 2012-04-23 15:49 388096 ----a-r- c:\users\Christian Ronchetti\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-23 15:49 . 2012-04-23 15:49 -------- d-----w- c:\program files (x86)\Trend Micro

2012-04-23 15:41 . 2012-04-23 15:41 -------- d-----w- c:\users\Christian Ronchetti\AppData\Roaming\Malwarebytes

2012-04-23 15:40 . 2012-04-23 15:40 -------- d-----w- c:\programdata\Malwarebytes

2012-04-23 15:40 . 2012-04-23 15:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-23 15:40 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-23 14:50 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01CCA537-C00B-40A3-9978-A594718D95F0}\mpengine.dll

2012-04-23 14:48 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-23 14:48 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-04-23 14:48 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-04-23 14:48 . 2012-02-28 06:47 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-04-23 14:48 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2012-04-23 14:45 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-23 14:45 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-23 14:45 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-23 14:36 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-23 14:36 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-23 14:36 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-23 14:36 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-23 14:36 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-23 14:36 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-23 14:36 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-18 12:42 . 2012-04-18 12:42 -------- d-----w- c:\program files\iPod

2012-04-18 12:42 . 2012-04-18 12:43 -------- d-----w- c:\program files\iTunes

2012-04-15 20:18 . 2012-04-15 20:18 -------- d-----w- c:\program files (x86)\fbphotozoom

2012-04-15 20:11 . 2012-04-15 20:11 237 ----a-w- C:\user.js

2012-04-15 20:11 . 2012-04-15 20:11 -------- d-----w- c:\users\Christian Ronchetti\AppData\Local\Babylon

2012-04-15 20:11 . 2012-04-15 20:11 -------- d-----w- c:\users\Christian Ronchetti\AppData\Roaming\Babylon

2012-04-15 20:11 . 2012-04-15 20:11 -------- d-----w- c:\programdata\Babylon

2012-04-15 19:51 . 2012-04-15 19:51 -------- d-----w- c:\programdata\PACE

2012-04-15 19:51 . 2012-04-15 19:51 -------- d-----w- c:\program files (x86)\Common Files\PACE

2012-04-15 19:50 . 2012-04-15 19:50 -------- d-----w- c:\programdata\Antares

2012-04-15 15:43 . 2012-04-15 15:43 -------- d-----w- c:\programdata\PACE Anti-Piracy

2012-04-15 15:43 . 2012-04-15 15:44 -------- d-----w- c:\users\Christian Ronchetti\AppData\Local\PACE Anti-Piracy

2012-04-15 15:43 . 2012-04-15 15:43 -------- d-----w- c:\users\Christian Ronchetti\AppData\Roaming\PACE Anti-Piracy

2012-04-15 15:43 . 2012-04-15 15:43 -------- d-----w- c:\program files (x86)\Common Files\PACE Anti-Piracy

2012-04-15 14:48 . 2012-04-15 19:50 -------- d-----w- c:\program files (x86)\Antares Audio Technologies

2012-04-15 13:48 . 2012-04-15 13:48 -------- d-----w- c:\program files (x86)\Ffmpeg For Audacity

2012-04-15 13:09 . 2012-04-15 13:09 -------- d-----w- c:\windows\Freecorder Toolbar

2012-04-15 12:14 . 2012-04-15 12:14 -------- d-----w- c:\program files (x86)\Lame For Audacity

2012-04-15 11:33 . 2012-04-15 14:56 -------- d-----w- c:\users\Christian Ronchetti\AppData\Roaming\Antares

2012-04-15 10:33 . 2012-04-15 10:33 -------- d-----w- c:\program files (x86)\Audacity

2012-04-15 10:20 . 2012-04-15 10:20 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-15 09:53 . 2012-04-15 09:53 -------- d-----w- c:\users\Christian Ronchetti\AppData\Local\TechSmith

2012-04-15 09:45 . 2012-04-15 10:20 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-15 09:32 . 2010-03-04 16:27 411480 ----a-w- c:\windows\SysWow64\tsccvid.dll

2012-04-15 09:32 . 2012-04-15 09:32 -------- d-----w- c:\windows\SysWow64\QuickTime

2012-04-15 09:32 . 2012-04-15 09:32 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared

2012-04-15 09:32 . 2012-04-15 09:32 -------- d-----w- c:\programdata\TechSmith

2012-04-15 09:32 . 2012-04-15 09:32 -------- d-----w- c:\program files (x86)\TechSmith

2012-04-11 10:15 . 2012-04-11 10:15 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2012-04-11 10:15 . 2012-04-11 10:15 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-04-11 10:15 . 2012-04-11 10:15 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys

2012-04-11 10:14 . 2012-04-23 14:38 -------- d-----w- c:\programdata\Sony Ericsson

2012-04-11 10:14 . 2012-04-23 14:38 -------- d-----w- c:\program files (x86)\Sony Ericsson

2012-04-11 10:14 . 2012-04-11 10:14 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-04-11 10:14 . 2012-04-11 10:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-11 10:13 . 2012-04-11 10:13 -------- d-----w- c:\program files (x86)\Java

2012-04-05 14:05 . 2012-04-05 14:05 -------- d-----w- c:\users\Christian Ronchetti\AppData\Roaming\AVS4YOU

2012-04-05 14:02 . 2012-04-23 14:35 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2012-04-05 14:02 . 2012-04-23 14:35 -------- d-----w- c:\program files (x86)\AVS4YOU

2012-04-05 14:02 . 2012-04-05 14:05 -------- d-----w- c:\programdata\AVS4YOU

2012-04-05 14:02 . 2011-08-22 15:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-04-04 02:51 . 2012-04-04 02:51 -------- d-----w- c:\program files (x86)\Reincubate

2012-04-04 01:35 . 2012-04-04 01:35 -------- d-----w- c:\users\Christian Ronchetti\AppData\Local\Apple_Inc

2012-04-04 01:34 . 2012-04-04 01:34 -------- d-----w- c:\program files (x86)\iPhone Configuration Utility

2012-03-30 19:01 . 2012-03-30 19:01 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-15 10:20 . 2011-12-01 14:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-13 08:46 . 2011-12-14 10:29 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-01 23:55 . 2012-03-01 23:55 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-01 23:55 . 2012-03-01 23:55 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-01 23:55 . 2012-03-01 23:55 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-01 23:55 . 2012-03-01 23:55 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-01 23:55 . 2012-03-01 23:55 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-01 23:55 . 2012-03-01 23:55 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-01 23:55 . 2012-03-01 23:55 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-01 23:55 . 2012-03-01 23:55 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-01 23:55 . 2012-03-01 23:55 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-01 23:55 . 2012-03-01 23:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-01 23:55 . 2012-03-01 23:55 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-01 23:55 . 2012-03-01 23:55 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-01 23:55 . 2012-03-01 23:55 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-01 23:55 . 2012-03-01 23:55 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-01 23:55 . 2012-03-01 23:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-01 23:55 . 2012-03-01 23:55 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-01 23:55 . 2012-03-01 23:55 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-01 23:55 . 2012-03-01 23:55 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-01 23:55 . 2012-03-01 23:55 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-01 23:55 . 2012-03-01 23:55 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-01 23:55 . 2012-03-01 23:55 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-01 23:55 . 2012-03-01 23:55 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-01 23:55 . 2012-03-01 23:55 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-01 23:55 . 2012-03-01 23:55 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-01 23:55 . 2012-03-01 23:55 448512 ----a-w- c:\windows\system32\html.iec

2012-03-01 23:55 . 2012-03-01 23:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-01 23:55 . 2012-03-01 23:55 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-01 23:55 . 2012-03-01 23:55 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-01 23:55 . 2012-03-01 23:55 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-01 23:55 . 2012-03-01 23:55 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-01 23:55 . 2012-03-01 23:55 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-01 23:55 . 2012-03-01 23:55 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 23:55 . 2012-03-01 23:55 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-01 23:55 . 2012-03-01 23:55 160256 ----a-w- c:\windows\system32\wextract.exe

2012-02-17 06:38 . 2012-03-14 17:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 17:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 17:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 17:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-14 11:09 . 2012-02-14 11:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-11 02:24 . 2012-02-11 02:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEF04F1F-1395-41E9-9CFF-6142BD87F2B8}\gapaengine.dll

2012-02-10 06:36 . 2012-03-14 17:07 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 17:07 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-08 07:13 . 2012-03-01 23:59 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2012-02-03 04:34 . 2012-03-14 17:07 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 06:38 . 2012-03-14 17:05 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-14 17:05 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-14 17:05 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Facebook Update"="c:\users\Christian Ronchetti\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-11 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-09 911112]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 10\MMReminderService.exe" [2012-02-27 38248]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Christian Ronchetti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Colour Explorer 9,0.lnk - c:\program files (x86)\MicrolinkPC\CXLOADER.exe [2011-12-1 72192]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Book Pavilion (Plustek OpticBook 3800).lnk - c:\program files (x86)\Plustek\Plustek OpticBook 3800\book express.exe [2011-12-1 475136]

Device Detector 4.lnk - c:\program files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe [2009-12-1 402832]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TaskBar.vbs [2009-8-12 1797]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 Olympus DVR Service;Olympus DVR Service;c:\program files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2011-05-10 176128]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-03 819976]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]

2012-02-27 04:49 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 10:20]

.

2012-04-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201949659-3598620656-673553719-1000Core.job

- c:\users\Christian Ronchetti\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-19 08:36]

.

2012-04-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201949659-3598620656-673553719-1000UA.job

- c:\users\Christian Ronchetti\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-19 08:36]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-07-18 20480]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?affID=109980&babsrc=HP_ss&mntrId=d8a31185000000000000d0df9a8d65b5

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE:

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201

IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203

IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204

IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202

TCP: DhcpNameServer = 192.168.0.1

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://88.247.210.37:81/activex/AMC.cab

FF - ProfilePath - c:\users\Christian Ronchetti\AppData\Roaming\Mozilla\Firefox\Profiles\xd6r04iw.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - d8a31185000000000000d0df9a8d65b5

FF - user.js: extensions.BabylonToolbar_i.hardId - d8a31185000000000000d0df9a8d65b5

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15445

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:11

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TOSHIBA Face Recognition - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Colour Explorer 9,0 - c:\windows\system32\SpoonUninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2012-04-23 21:46:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-23 20:46

.

Pre-Run: 31,077,609,472 bytes free

Post-Run: 32,278,523,904 bytes free

.

- - End Of File - - A8E813620D0E3385834FEDF9DC7771E8

MrCharlie · April 23, 2012

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::
uStart Page = hxxp://search.babylon.com/?affID=109980&babsrc=HP_ss&mntrId=d8a31185000000000000d0df9a8d65b5
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
TB: !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: URLRedirectionBHO - No File
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - d8a31185000000000000d0df9a8d65b5
FF - user.js: extensions.BabylonToolbar_i.hardId - d8a31185000000000000d0df9a8d65b5
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15445
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:11:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
2012-04-15 20:11:03 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Local\Babylon
2012-04-15 20:11:02 -------- d-----w- C:\Users\Christian Ronchetti\AppData\Roaming\Babylon
2012-04-15 20:11:02 -------- d-----w- C:\ProgramData\Babylon
Firefox::
FF - ProfilePath - c:\users\Christian Ronchetti\AppData\Roaming\Mozilla\Firefox\Profiles\xd6r04iw.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

ronchettic · April 23, 2012

ComboFix 12-04-23.02 - Christian Ronchetti 23/04/2012 23:00:20.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4004.2671 [GMT 1:00]

Running from: c:\users\Christian Ronchetti\Desktop\ComboFix.exe

Command switches used :: c:\users\Christian Ronchetti\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))

.

2012-04-23 22:05 . 2012-04-23 22:05 -------- d-----w- c:\users\Default\AppData\Local\temp