Infected with Dropper.Bcminer, Generic28.ANIC, rootkit.0access, backdoor back

Rickaber · August 8, 2012

Quite a mess. I see you are working on several already. I need some help can't do it on my own.

Rick

screen317 · August 8, 2012

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Rickaber · August 8, 2012

Scaned with MBAM, shows 12 log files should I open and post all?

Let me know if these are OK and next step, thank you. Rick

2012/08/08 07:23:17 -0500 RICK-PC Rick MESSAGE Starting protection

2012/08/08 07:23:21 -0500 RICK-PC Rick MESSAGE Protection started successfully

2012/08/08 07:23:24 -0500 RICK-PC Rick MESSAGE Starting IP protection

2012/08/08 07:23:24 -0500 RICK-PC Rick ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

2012/08/08 07:23:25 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:26:12 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:31:56 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:32:11 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:37:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:37:27 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:37:28 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:51:45 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:53:40 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:53:43 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:54:04 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 07:54:16 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:00:03 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:10:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:10:03 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:22:18 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:25:56 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:25:59 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:26:53 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:45:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:48:11 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:50:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:55:27 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 08:55:28 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:01:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:01:03 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:16:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:33:57 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:38:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:43:05 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:48:25 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:48:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:56:29 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:56:32 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 09:59:12 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 10:16:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 10:31:56 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 10:47:16 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 10:53:59 -0500 RICK-PC Rick MESSAGE Executing scheduled update: Daily

2012/08/08 10:54:09 -0500 RICK-PC Rick MESSAGE Starting database refresh

2012/08/08 10:54:09 -0500 RICK-PC Rick MESSAGE Scheduled update executed successfully: database updated from version v2012.08.07.06 to version v2012.08.08.07

2012/08/08 10:54:12 -0500 RICK-PC Rick MESSAGE Database refreshed successfully

2012/08/08 10:58:30 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 11:08:52 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 11:23:13 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 11:37:42 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 11:37:43 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 11:51:26 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 11:51:27 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 12:01:47 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 12:14:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 12:19:09 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 12:34:41 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 12:48:32 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 12:54:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 13:03:53 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 13:18:49 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 13:31:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 13:31:03 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 13:36:40 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 13:41:53 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 13:42:31 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 13:58:09 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:13:59 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:14:00 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:17:02 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:19:21 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\000000cb.@ Rootkit.0Access ALLOW

2012/08/08 14:19:23 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:20:48 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:22:07 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:22:54 -0500 RICK-PC Rick MESSAGE Starting database refresh

2012/08/08 14:23:08 -0500 RICK-PC Rick MESSAGE Database refreshed successfully

2012/08/08 14:26:48 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:26:49 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:32:25 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\000000cb.@ Rootkit.0Access ALLOW

2012/08/08 14:32:25 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

2012/08/08 14:41:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.08.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Rick :: RICK-PC [administrator]

Protection: Enabled

8/8/2012 2:23:07 PM

mbam-log-2012-08-08 (14-23-07).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 258294

Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Rick at 14:42:52 on 2012-08-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1573 [GMT -5:00]

.

AV: Lavasoft Ad-Aware *Enabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Aware *Enabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Users\Rick\Documents\RCA Detective\RCADetective.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: {8A86D350-37AB-410A-8531-7D1363F317B3} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

uRun: [ContactKeeper Birthday reminder] "C:\Program Files (x86)\ContactKeeper\ContactKeeper.exe" /Reminder

uRun: [Easy Dock] C:\Users\Rick\Documents\RCA easyRip\EZDock.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [sbitunesagent] C:\Program Files (x86)\Philips\Philips Songbird\songbirditunesagent.exe

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk.disabled

StartupFolder: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled

StartupFolder: C:\Users\Rick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Rick\Documents\RCA Detective\RCADetective.exe

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk.disabled

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

TCP: Interfaces\{1208C354-97C5-4451-B68C-C2B2C45836B9} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10

TCP: Interfaces\{1208C354-97C5-4451-B68C-C2B2C45836B9}\2716265627E616478697 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10

TCP: Interfaces\{405F4969-1A06-4677-B746-974FA9DD6BA6} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10

TCP: Interfaces\{405F4969-1A06-4677-B746-974FA9DD6BA6}\C696E6B6379737 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10

TCP: Interfaces\{E2236717-3539-4EC4-ABDA-0B9D7560F5D3} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

TCP: Interfaces\{E2236717-3539-4EC4-ABDA-0B9D7560F5D3}\2716265627E616478697 : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

TCP: Interfaces\{F4F2BF47-101D-46CA-9AFD-5CDCDBC9AE66} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10

TCP: Interfaces\{F4F2BF47-101D-46CA-9AFD-5CDCDBC9AE66}\C696E6B6379737 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

BHO-X64: Ad-Aware Security Toolbar - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: {8A86D350-37AB-410A-8531-7D1363F317B3} - No File

BHO-X64: Fantapper - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar

BHO-X64: Searchqu Toolbar - No File

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll

TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UBNet\UBNet.lnk

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B53df7d87-0c97-4a62-a0bd-474c614748d2%7D&mid=a1b7d9edb0581287024df44b9f52c980-351f31d2ccd06ea5391faed251a2d45d3213f1b7&ds=AVG&v=12.1.0.21〈=en&pr=fr&d=2012-08-02%2007%3A27%3A57&sap=ku&q=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: C:\Program Files (x86)\Charter Security Suite\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=

FF - user.js: extensions.funmoods_i.id - bcafd950000000000000001ee5e3fb7f

FF - user.js: extensions.funmoods_i.instlDay - 15478

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:27:42

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: extensions.funmoods.hmpg - false

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621

FF - user.js: extensions.funmoods.dfltSrch - false

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621

FF - user.js: extensions.funmoods.tlbrSrchUrl -

FF - user.js: extensions.funmoods.id - bcafd950000000000000001ee5e3fb7f

FF - user.js: extensions.funmoods.instlDay - 15483

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - axl

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - axl

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]

R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]

R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]

R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-2 655944]

R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-21 1692480]

R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-8-2 830048]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]

R3 VIACRX64;VIACRX64;C:\Windows\system32\DRIVERS\viacr64.sys --> C:\Windows\system32\DRIVERS\viacr64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FTSvc;Fantapper Player Update Service;"C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe" --> C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-29 1153368]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-2 1025352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]

S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]

S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-05 17:33:38 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-08-04 13:19:13 -------- d-----w- C:\Program Files\Enigma Software Group

2012-08-04 13:17:56 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-08-04 13:14:36 -------- d-----w- C:\Users\Rick\AppData\Local\Microsoft Help

2012-08-04 13:13:01 -------- d-----w- C:\Windows\System32\wbem\Logs

2012-08-04 12:55:35 -------- d-----w- C:\Users\Rick\AppData\Roaming\DriverCure

2012-08-04 12:55:34 -------- d-----w- C:\Users\Rick\AppData\Roaming\SpeedyPC Software

2012-08-04 12:55:17 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software

2012-08-04 12:55:13 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-08-04 12:55:13 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software

2012-08-03 14:00:40 -------- d-----w- C:\Program Files\iPod

2012-08-03 14:00:38 -------- d-----w- C:\Program Files\iTunes

2012-08-03 13:55:27 -------- d-----w- C:\Program Files\Bonjour

2012-08-03 13:55:27 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-08-02 17:06:03 -------- d-----w- C:\Users\Rick\AppData\Roaming\Malwarebytes

2012-08-02 17:03:51 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-02 17:03:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-02 17:03:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-02 12:27:56 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-08-02 12:27:52 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2012-07-29 19:23:48 -------- d-----w- C:\Users\Rick\AppData\Roaming\Flickr

2012-07-29 19:23:48 -------- d-----w- C:\Users\Rick\AppData\Local\Flickr

2012-07-29 19:22:13 -------- d-----w- C:\Program Files (x86)\Flickr Uploadr

2012-07-29 13:33:16 -------- d--h--w- C:\$AVG

2012-07-29 13:12:02 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-12 08:08:11 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 11:04:19 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 11:04:19 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 11:04:18 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 11:04:17 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-11 11:04:16 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 11:04:16 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 11:02:07 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 11:02:07 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 11:02:06 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 11:02:05 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 11:02:05 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 11:02:04 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 11:02:03 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 11:02:02 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 11:02:02 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 11:02:02 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 11:02:01 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 11:02:00 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 11:01:59 1133568 ----a-w- C:\Windows\System32\cdosys.dll

.

==================== Find3M ====================

.

2012-08-02 23:17:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-02 23:17:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 14:44:05.95 ===============

Rickaber · August 8, 2012

I have also tried to get rid of the 'funmoods' but can't. They are associated with FF are they harmful? Rick

screen317 · August 10, 2012

Hi,

If you get anymore of these alerts:

2012/08/08 14:41:06 -0500 RICK-PC Rick DETECTION C:\Windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@ Rootkit.0Access ALLOW

Do not allow them!

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317

Rickaber · August 10, 2012

Ok glad to see you back.

Rickaber · August 10, 2012

Thanks Screen 317,

Sorry it took so long, kind of fumbling around, but I think this is what you need. Rick

ComboFix 12-08-09.01 - Rick 08/10/2012 15:09:13.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2452 [GMT -5:00]

Running from: c:\users\Rick\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\program files (x86)\FilmFanatic

c:\program files (x86)\FilmFanatic\bar\IE9Mesg\COMMON.T8S

c:\program files (x86)\FilmFanatic\bar\Message\COMMON.T8S

c:\program files (x86)\FilmFanatic\bar\Settings\s_pid.dat

c:\program files (x86)\FilmFanaticEI

c:\program files (x86)\Search Toolbar

c:\program files (x86)\Search Toolbar\icon.ico

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\@

c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\L\00000004.@

c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\L\201d3dde

c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\00000004.@

c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\00000008.@

c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\000000cb.@

c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000000.@

c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000032.@

c:\windows\Installer\{ae71bd45-4d82-deca-6b26-df288911520c}\U\80000064.@

.

c:\windows\system32\services.exe . . . is infected!!

.

Infected copy of c:\windows\system32\services.exe was found and disinfected

Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Service_FTSvc

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

2012-08-10 20:21 . 2012-08-10 20:21 -------- d-----w- c:\users\MaRiAh\AppData\Local\temp

2012-08-10 20:21 . 2012-08-10 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-05 18:18 . 2012-08-05 18:18 -------- d-----w- c:\users\Lisa\AppData\Local\AVG Secure Search

2012-08-05 17:33 . 2012-08-05 17:34 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-08-04 13:19 . 2012-08-04 13:19 -------- d-----w- c:\program files\Enigma Software Group

2012-08-04 13:17 . 2012-08-04 13:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-08-04 13:14 . 2012-08-04 13:14 -------- d-----w- c:\users\Rick\AppData\Local\Microsoft Help

2012-08-04 13:13 . 2012-08-04 13:13 -------- d-----w- c:\windows\system32\wbem\Logs

2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\users\Rick\AppData\Roaming\DriverCure

2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\users\Rick\AppData\Roaming\SpeedyPC Software

2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software

2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\programdata\SpeedyPC Software

2012-08-04 12:55 . 2012-08-04 12:55 -------- d-----w- c:\program files (x86)\SpeedyPC Software

2012-08-03 14:00 . 2012-08-03 14:00 -------- d-----w- c:\program files\iPod

2012-08-03 14:00 . 2012-08-03 14:01 -------- d-----w- c:\program files\iTunes

2012-08-03 13:55 . 2012-08-03 13:55 -------- d-----w- c:\program files\Bonjour

2012-08-03 13:55 . 2012-08-03 13:55 -------- d-----w- c:\program files (x86)\Bonjour

2012-08-02 17:06 . 2012-08-02 17:06 -------- d-----w- c:\users\Rick\AppData\Roaming\Malwarebytes

2012-08-02 17:03 . 2012-08-02 17:03 -------- d-----w- c:\programdata\Malwarebytes

2012-08-02 17:03 . 2012-08-02 17:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-02 17:03 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-02 12:27 . 2012-08-02 12:27 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-08-02 12:27 . 2012-08-02 12:28 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-07-29 19:23 . 2012-07-29 19:23 -------- d-----w- c:\users\Rick\AppData\Roaming\Flickr

2012-07-29 19:23 . 2012-07-29 19:23 -------- d-----w- c:\users\Rick\AppData\Local\Flickr

2012-07-29 19:22 . 2012-07-29 19:23 -------- d-----w- c:\program files (x86)\Flickr Uploadr

2012-07-29 13:33 . 2012-08-02 12:25 -------- d-----w- C:\$AVG

2012-07-29 13:12 . 2012-07-29 13:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-12 08:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-12 08:01 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-07-12 08:01 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 23:17 . 2012-03-29 10:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-02 23:17 . 2011-07-13 10:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 08:04 . 2010-05-26 14:55 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-09 05:43 . 2012-07-11 11:04 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 11:04 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 11:04 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 11:01 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 11:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 11:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 11:02 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-21 11:47 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 11:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 11:47 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 11:47 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 11:47 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 11:47 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 11:47 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-21 11:46 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-21 11:46 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 11:03 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 11:03 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 11:03 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 11:03 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 11:03 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 11:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 11:03 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 11:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 11:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-02 12:27 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-06-07 02:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-02 2086496]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"ContactKeeper Birthday reminder"="c:\program files (x86)\ContactKeeper\ContactKeeper.exe" [2008-01-04 860160]

"Easy Dock"="c:\users\Rick\Documents\RCA easyRip\EZDock.exe" [2011-08-12 585728]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"sbitunesagent"="c:\program files (x86)\Philips\Philips Songbird\songbirditunesagent.exe" [2011-11-16 266240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-02 1147488]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-25 560128]

.

c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk.disabled [2010-5-19 1980]

LimeWire On Startup.lnk.disabled [2010-10-16 1865]

RCA Detective.lnk - c:\users\Rick\Documents\RCA Detective\RCADetective.exe [2012-1-23 868864]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Desktop Manager.lnk.disabled [2010-7-26 2012]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"BlackBerryAutoUpdate"=c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

"<NO NAME>"=

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-02 31080]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 72280]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-02 830048]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]

S3 VIACRX64;VIACRX64;c:\windows\system32\DRIVERS\viacr64.sys [2010-05-10 82544]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-24 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:17]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 16:52]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 16:52]

.

2012-08-04 c:\windows\Tasks\SpeedyPC Pro.job

- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 23:17]

.

2012-08-09 c:\windows\Tasks\SpeedyPC Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2012-08-10 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job

- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]

.

2012-08-04 c:\windows\Tasks\SpeedyPC Update Version3.job

- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]

.

2012-07-30 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2010-05-29 20:31]

.

2010-07-08 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2010-05-29 20:31]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-07-09 1366064]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\Engine\SBRC.exe" [2011-05-17 197968]

"combofix"="c:\combofix\CF15351.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll

FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\z6sxmaoi.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B53df7d87-0c97-4a62-a0bd-474c614748d2%7D&mid=a1b7d9edb0581287024df44b9f52c980-351f31d2ccd06ea5391faed251a2d45d3213f1b7&ds=AVG&v=12.1.0.21〈=en&pr=fr&d=2012-08-02%2007%3A27%3A57&sap=ku&q=

FF - user.js: extensions.funmoods_i.newTab - false

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=

FF - user.js: extensions.funmoods_i.id - bcafd950000000000000001ee5e3fb7f

FF - user.js: extensions.funmoods_i.instlDay - 15478

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:27

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - axl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: extensions.funmoods.hmpg - false

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621

FF - user.js: extensions.funmoods.dfltSrch - false

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtByCtB0DtCtC0B0DyEzz0DzyyDtDtN0D0TzutBtDtCtBtDyDtBtA&cr=863154621

FF - user.js: extensions.funmoods.tlbrSrchUrl -

FF - user.js: extensions.funmoods.id - bcafd950000000000000001ee5e3fb7f

FF - user.js: extensions.funmoods.instlDay - 15483

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - axl

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - axl

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2012-08-10 15:40:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-10 20:40

.

Pre-Run: 565,213,704,192 bytes free

Post-Run: 564,390,342,656 bytes free

.

- - End Of File - - 45A97CEAFC06A9395B428C43A01BA04B

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Rick at 15:50:59 on 2012-08-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2412 [GMT -5:00]

.

AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Users\Rick\Documents\RCA Detective\RCADetective.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe